PGP Passphrase Bug/Vulnerability
HyperReal-Anon
I recently discovered a bug/vulnerability in PGP's passphrase
system. In short, it may bring up some serious concerns about
the security of PGP in general.
Nothing I have found in the documentation, release notes, FAQs,
or prior discussions of bugs/vulnerabilities indicates that this
has even been acknowledged. In one of the few discussions,
Arnoud Engelfriet (the keeper of the main PGP FAQ), upper ASCII
considered upper ASCII acceptable for passphrases.
I discovered that PGP 5.x (Win95/NT version) produces an error
when using upper ASCII characters in passphrases generated by
PGP 2.6x (DOS versions 2.6.2, 2.6.3i, 2.63ui). You can get
around the error by simply not entering the upper ASCII
characters. PGP 5.x, on the other hand, does recognize upper
ASCII characters when the passphrase is generated in 5.x. This
made me wonder, so I tested PGP 2.6x. Instead of producing an
error, it ignores upper ASCII characters even when you use them
in a passphrase that it generates. This effectively reduces the
length of all passphrases using upper ASCII characters generated
in 2.6x, and probably all lower versions also. I tested on both
publicly encrypted and conventionally encrypted files.
Placement of the upper ASCII character(s) in the passphrase
makes no difference.
What this means is that people using upper ASCII characters to
make passphrases more difficult to guess and reasonably short
are actually making their passphrases easier to crack. At least
for version 2.6x. E.g, a 12 character long passphrase using
lower/upper case letters, numbers, and punctuation (95 possible
characters) and the 128 upper ASCII characters effectively loses
93.6 bits of cumulative strength.
Even though 5.x allows upper ASCII characters (the documentation
indicates support for only numbers, spaces, letters in both
cases, and punctuation), can someone modify the program to
simply ignore the upper ASCII characters?
In fact, the question arises: Can someone modify 5.x or 2.6x to
ignore all characters, effectively reducing the passphrase to
nothing?
I realize that this may only be an issue of one version
supporting upper ASCII and the other not. If that's the case,
then it is simply a bug/vulnerability in 2.6x. Nonetheless, it
seems worth considering whether the code can be rewritten in
such a way to ignore some or all of a passphrase.
-----BEGIN PGP SIGNATURE-----
Version: PGP 2.6x
iQB5AwUBNdk+rdI9Doy6rh15AQE/JQMaA6aZuQNbulun84T1/L+FoDRctAACIrHF
viIYgDMHOfk5HPp0bAuwQJfVlrb/9F8YyFUYSOGEpTKJCJBtgjwnM7Ldtb8l3VKX
0sJYNPsQmpRNfYsx3jnV8mze6x/MBlH0CWOlaA==
=rlV8
-----END PGP SIGNATURE-----
STL137
someone over modem.
------
STL...@aol.com
"I live for books" - Thomas Jefferson
T.J. Boschloo
Mike Naylor wrote:
> HyperReal-Anon <nob...@sind.hyperreal.art.pl> wrote:
>
> >... so I tested PGP 2.6x. Instead of producing an
> >error, it ignores upper ASCII characters even when you use them
> >in a passphrase that it generates. This effectively reduces the
> >length of all passphrases using upper ASCII characters generated
> >in 2.6x, and probably all lower versions also.
>
> I couldn't reproduce this with PGP 2.6.2. Could you give us some example
> passwords to try and an exact procedure to follow?
> --
> Mike Naylor - myfirstname...@mail.serve.com
> Play Five by Five Poker at http://www.serve.com/games/
Upper ASCII characters Mike, not Uppercase letters.
(He is so amuzing :-))))
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.5.3i for non-commercial use <http://www.pgpi.com>
iQBpAwUBNdv/glr2gWkaoe8DAQGyRAKZAbrwsVcjeCTq8mJIt2txnZBju6k6ziUM
mc+ibQzBHJXZ2DzAKKUOQQ8T2Hs17XObsdlwXDLqs49OvmQ+o+GbE4LZXViEX3Np
A851+dWa15Af2+Lo
=ueJD
-----END PGP SIGNATURE-----
АБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯабвгдежзийклмноп░▒▓│┤╡╢╖╕╣║╗╝╜╛┐└┴┬├─┼╞╟╚╔╩╦╠═╬╧╨╤╥╙╘╒╓╫╪┘┌█▄▌▐▀рстуфхцчшщъыьэюяЁёЄєЇїЎў°∙·√№¤■
T.J. Boschloo
Mike Naylor wrote:
> "T.J. Boschloo" <mu...@choose.address> wrote:
>
> "Mike Naylor Bug found in PGP newsgroup"
>
> That's the second new thread that you started with my name as part of a
> title that makes no sense. Please just leave the subject line alone until
> you get a better feel for Usenet, okay?
I did use your posting from wed, 23:07 as a reference, see:
Message-ID: <35DC0DB0...@choose.address>
References: <1dbc70405b13cdb9016e8ceca0a1c126@anonymous>,
<35de5953...@news.alt.net>
My newsreader handles this just fine. It doesn't show up as a new
thread. I changed the subject to Mike Naylor, so people could use
your name in a kill-file. But I'll read the netiquette again, if you
want me to. I do have a lot to learn about PGP and usenet, and
after my humiliation by Boudewijn W. Ch. Visser, I might just
decide to stay low for a while. At least I didn't cross-post :-]
Still think I can outclass you Mike, just not people really
knowledgeable about the internal workings of PGP like Straycat or
hw...@iname.com (who seemed to make a valid point; probably not
according to 'specifications' to use upper ascii for a passphrase,
but it's nice to know).
Or people with a sound knowledge about Math, like the professor
invalidating my argument (Physics people really excel in math, is my
experience). I will try to learn more about RSA before posting on
this subject again, and I might even get me a copy of some old
(=small) pgp-source, to see how keygeneration is REALLY
implemented. But if I knew it all already, posting to this newsgroup
would be charity. I don't do charity, unfortunately in this world
it's survival of the fittest. Fit probably meaning owning a piece of
paper or having a lot of bucks (owning lots of pieces of paper :-).
This is what I really would like to change...
Good luck 2 ya all (include you Mike Naylor),
Thomas Johan Boschloo
Hagedoornstraat 31
1783 HZ Den Helder
Holland (but you still won't get my e-mail!)
I have a last question to make this post useful:
I have a 512 bit key, what is the 512 bit? The private key, the
public key, both, the primes, or the product of the primes?
BTW Mike, 512 bit is safe enough for me. ROT13 is safe enough for me!
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.5.3i for non-commercial use
<http://www.pgpi.com>
iQBoAwUBNd0tb1r2gWkaoe8DAQF/uQKYx5ZAu07UxwtytkcyoL4QKznfe35ZSFXT
bQIRHciNVtdcl6su2kXI0NGu221AUmPMWyuNvYSK49SZq3CPQOErvFGYo0IMbsoY
RCVgTFrRNEwAQhM=
=G1wX
-----END PGP SIGNATURE-----
Boudewijn W. Ch. Visser
>your name in a kill-file. But I'll read the netiquette again, if you
>want me to. I do have a lot to learn about PGP and usenet, and
>after my humiliation by Boudewijn W. Ch. Visser, I might just
>decide to stay low for a while. At least I didn't cross-post :-]
Uhm, was I that harsh on you ? Your conclusions were wrong, and
presumably your calculation was in error, but I hope you didn't
take it personal. I wasn't meant that way.
[..]
>Or people with a sound knowledge about Math, like the professor
>invalidating my argument (Physics people really excel in math, is my
>experience).
Blush. I'm just a humble M.Sc , not a professor. Of course physicists
do indeed have to be good at math.
I will try to learn more about RSA before posting on
>this subject again, and I might even get me a copy of some old
>(=small) pgp-source, to see how keygeneration is REALLY
>implemented. But if I knew it all already, posting to this newsgroup
>would be charity. I don't do charity, unfortunately in this world
>it's survival of the fittest. Fit probably meaning owning a piece of
>paper or having a lot of bucks (owning lots of pieces of paper :-).
>This is what I really would like to change...
For a technical description of RSA (and MD5/IDEA) on PGP you can
take a look at the Appendix of the PGP faq .
http://www.uk.pgp.net/pgpnet/pgp-faq/faq-appendix2.html
[..]
>I have a last question to make this post useful:
>I have a 512 bit key, what is the 512 bit? The private key, the
>public key, both, the primes, or the product of the primes?
A 512 bit RSA key refers to the product of two primes.
Your public key consist of this product, and a public exponent
(often 17).
>BTW Mike, 512 bit is safe enough for me. ROT13 is safe enough for me!
I doubt if anyone who says "512 bit is not secure enough for me" has
such security that factoring a 512 bit key is indeed the best way
to get at their information.
Occasionally I get the impression that those wanting multi-K keys
are hardly capable of noticing BackOrifice on their system.
Boudewijn
--
+--------------------------------------------------------------+
|Boudewijn Visser | E-mail:vis...@ph.tn.tudelft.nl |
| -finger for PGP-keys.- | http://www.ph.tn.tudelft.nl/~visser |
+-- my own opinions etc ---------------------------------------+
T.J. Boschloo
Boudewijn W. Ch. Visser wrote:
> For a technical description of RSA (and MD5/IDEA) on PGP you can
> take a look at the Appendix of the PGP faq .
>
> http://www.uk.pgp.net/pgpnet/pgp-faq/faq-appendix2.html
>
> [..]
>
> >I have a last question to make this post useful:
> >I have a 512 bit key, what is the 512 bit? The private key, the
> >public key, both, the primes, or the product of the primes?
>
> A 512 bit RSA key refers to the product of two primes.
> Your public key consist of this product, and a public exponent
> (often 17).
That would invalidate my argument :-), I lived under the presumption that
you would use two primes of 512 bits, multiplicate them to form a 1024 bit
prime-product, and use that to calculate your private and secret key of
about 512 bits also. Wrong, wrong, wrong (read it again ;-). But I'll
check the source, and really try to understand it, before giving estimates
for a linear factoring attack again. I feel that this is something that I
could do, given enough time. The estimates in the FAQ about NFS are above
my level (or just plainly incorrect, looking at it from a programmers
prospective; I think you should dedicate separate machines generating
primes and have them feed those numbers onto the (pre-read cached)
hardisks of a large specialized computer testing the generated keys [at
least the number 17 could be hardwired, that should mildly speed up
things], maybe using multiple networks like this. That would make the
attack almost linear, and at a low cost too, just having all governmental
desktops generate the keys when idle, perhaps at random accepting a little
overhead. Maybe some sneaky government could force MS to sign an ActiveX
control, that uses the computers of all users using e.g. Altavista. MS
brings the goods again!).
> >BTW Mike, 512 bit is safe enough for me. ROT13 is safe enough for me!
>
> I doubt if anyone who says "512 bit is not secure enough for me" has
> such security that factoring a 512 bit key is indeed the best way
> to get at their information.
Well, that should terminate the "Large keys yes/no"-link. I think the only
keys the government would be really, really interested in, are the
remailer keys. <http://anon.efga.org/~rlist/> Most of them are still 1024
or 2048 bits RSA keys (at least now I have a better understanding what I
am taking about, I was missing the point all along).
> Occasionally I get the impression that those wanting multi-K keys
> are hardly capable of noticing BackOrifice on their system.
The people operating the remailers know the weaknesses of their
computersystems, wouldn't the government like to get their hands on them!
(that explains the call for cyberwarfare, instead of just developing some
safe OS, like they developed Ada) Good job, remailer-operators. Your lives
serve purpose. Freedom of Speech! Away with 1984 and Big Brother!
I'll finaly shut up now,
Thomas jb
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.5.3i for non-commercial use <http://www.pgpi.com>
iQBpAwUBNd1061r2gWkaoe8DAQGh5QKZARsGMsbSY/Nmdqzyodxepu6r9AtJL06C
X8xX21KMfdMTZdcitZqVO2d5uR3vegcfgj1/cwWTYlfChcCxGfGZcWtfy6ApyUtE
br3hnzSNmXIKM4xo
=DY0T
-----END PGP SIGNATURE-----
--
Links you should know about:
http://www.helie.com/BrowserCheck/
http://www.w3.org/Security/Faq/wwwsf7.html
https://www.ccc.de/radioactivex.html
HyperReal-Anon
STL137 wrote:
>Anyone can ALSO rewrite PGP to store the passphrase to disk, or
>transfer it to someone over modem.
Agreed, and those have been recognized vulnerabilities. Such
changes would also be useless to someone unless you entered the
passphrase after the changes had been made.
Rewriting the code to ignore some or all of the passphrase,
however, does not require modifying the program on the host
system, which may result in warnings from other software, such
as virus checkers, that have been setup to warn the user about
changes in the program. All a potential cracker would need is
a copy of your secret key along with their own copy of a modified
PGP. In other words, if this is indeed a vulnerability, it would
make it easier/easy for anyone capable of seizing your computer or
files to decrypt all existing encrypted mail and files.
-----BEGIN PGP SIGNATURE-----
Version: PGP 2.6x
iQB5AwUBNd11w9I9Doy6rh15AQFtwwMeIwPTMvpCvCmx/+dhN0BdF/y3JLhz1qC6
9bz7FgWCW90zCTdrH3o5Y6uY79ZnBiBYNXyOowpq0VQKJARQogv2jxHhWnD6EPTJ
3yyyTiDXcV1ITTjNDD+R6Z4Ph0AFMoCNAwdvDQ==
=OnzG
-----END PGP SIGNATURE-----
Björn Persson
<nob...@sind.hyperreal.art.pl> wrote:
>Rewriting the code to ignore some or all of the passphrase,
>however, does not require modifying the program on the host
>system, which may result in warnings from other software, such
>as virus checkers, that have been setup to warn the user about
>changes in the program. All a potential cracker would need is
>a copy of your secret key along with their own copy of a modified
>PGP. In other words, if this is indeed a vulnerability, it would
>make it easier/easy for anyone capable of seizing your computer or
>files to decrypt all existing encrypted mail and files.
>
I *really* hope THAT wouldn't work. If the passphrase were just a
little ad saying to PGP: "Please refuse to use this key if the user
can't type this passphrase!", then it would be of no use at all. The
key must be *encrypted with* the passphrase to be protected.
Björn Persson
Wazoo Remailer
On Fri, 21 Aug 1998, "Arnoud 'Galactus' Engelfriet" wrote:
>On 19 Aug 1998 21:05:05 -0000, HyperReal-Anon wrote:
>>Arnoud Engelfriet (the keeper of the main PGP FAQ), upper ASCII
>>considered upper ASCII acceptable for passphrases.
>
>At first I was confused by your use of the term "upper ASCII", since
>uppercase characters work just fine. But if you mean that characters with
>decimal value 128-255 are not accepted by PGP 2.6.*, then you seem to be
>correct.
Thanks for replying. Yes, I do indeed mean ASCII 128-255 as opposed to upper
case characters.
>>In fact, the question arises: Can someone modify 5.x or 2.6x to
>>ignore all characters, effectively reducing the passphrase to
>>nothing?
>
>The passphrase is hashed (using MD5), and this hash is used to encrypt and
>decrypt the secret key. It would be trivial to modify PGP so that it would
>always use the same hash, regardless of what passphrase is entered. However,
>this only means that if you use this modified version of PGP, your secret key
>can easily be compromised. It doesn't work if you steal a secret key
>generated with a trusted version, and then try to use it with this modified
>version, as the secret key still is encrypted with a (MD5 hash of a)
>passphrase that you don't know.
That's the anwer I was looking for. It does bring up the question why there
is so much concern about revealing the secret key, but that may be another
thread.
-----BEGIN PGP SIGNATURE-----
Version: PGP 2.6x
iQB5AwUBNd7x2tI9Doy6rh15AQEXswMcDssiK/q3ul7PxutFkQm9k0oCST28XrtE
ewmu+oAItBiZ61bubfHcR6OdyyPzWgA9wEj8UDVg5QlQfbOSVlwC/4BblucPMd7P
mnMG5fBco3fGmNJFRhhDpLIsSzvKAqIfSSo82Q==
=J3w1
-----END PGP SIGNATURE-----
Stray Cat
wrote:
>That's the anwer I was looking for. It does bring up the question why there
>is so much concern about revealing the secret key, but that may be another
>thread.
I'm not saying it's a good idea tp float your secret key(s) around, but I
did just that to prove a point in another thread here.
Espo is convinced that once you have the secret key, you can make
signatures and decrypt files. This is nonsense because he (and the rest
of the planet) now has my secret key but not the passphrase. In fact,
even I don't have the passphrase for that particular copy of the key.
--
You can contact me by posting to alt.anonymous.messages, ATTN: Stray Cat
No files via e-mail, don't even ask. <== Read it again.
PGP Key: finger Stra...@nym.alias.net (All mail to this address will bounce.)
DSS/Diffie-Hellman PGP v 5.x Keys Will NOT Be Accepted.
Boudewijn W. Ch. Visser
>Boudewijn W. Ch. Visser <vis...@ph.tn.tudelft.nl> wrote:
>> A 512 bit RSA key refers to the product of two primes.
>> Your public key consist of this product, and a public exponent
>> (often 17).
>Could you please explain this public exponent to me? I went back to
>2.6.3i after losing my private key in yet another "damn, did I save my
>key there this time, to, and not in the part of my harddrive that I take
>backups of" and this time I really wanted to know why it was set to 17
>and what any changes to that number really will mean safetywise.
None. It just happens to be 17, because that is often the first suitable
number.
e
RSA : M^ mod n
M is the message, e is the public exponent, and n is the product of
two primes, p and q
e must be a number relative prime to (p-1)(q-1). ie : e must have
no common divisors with (p-1)(q-1).
PGP sets the size of e default to 5 bits, so 17 is the first possible
number. (16 is also 5 bits, but certainly has a common divisor with
(p-1)(q-1), because both p-1 and q-1 are even)
[see rsagen.c in the pgp263 source ]
d
Decryption of RSA is similar, C^ mod n = M
With C as the encrypted message, and d the secret exponent.
d is chosen such that d x e == 1 mod (p-1)(q-1) . So actually d is
the needed secret key. Given the primes p and q , and e (public),
it is easy to calculate d.
Summary : the number e (public exponent) cannot be chosen at will.
(you can give the number of bits, though). There is
nothing wrong with the number 17, or the fact that lots of
keys have this number.
T.J. Boschloo
Mike Naylor wrote:
> >Still think I can outclass you Mike,
>
> I would really appreciate it if you would choose someone else as your role
> model. That's one honor that I could do without!
Don't worry, I prefer using Willy E. Coyote as my role model (never give up
trying to enjoy life). Not someone that calls himself you.kn...@you.love.him!
This posting will probably be my last honouring of your presence, I might even
add you to my netscape's hall of fame (they call it filters). You'll then be
forever honoured in my computers memory and on my hard disk!
Truly sorry about you,
Thomas J. Boschloo
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.5.3i for non-commercial use <http://www.pgpi.com>
iQBpAwUBNeUndlr2gWkaoe8DAQECxAKaAldT4cs/XgaCloaid2c75BU5ILvwyJ4q
ytYBu++RaPe17W0AxwhI+4xnZ4UbJ8UnKnX1uJplP2AThCJ6Tk6AUcn3puAHNnMX
kn/H4tFD5o+H5pkU
=2bTw
-----END PGP SIGNATURE-----
Anonymous
Philip Zimmermann copied me on the following message, which he
apparently chose not to post. It's a slightly different, more
technically specific take on the "bug". I view it more as an
undocumented limitation now. Of course, someone with a hearing
impairment would disagree with me. :)
-----BEGIN PGP SIGNATURE-----
Version: PGP 2.6x
iQB5AwUBNecO4tI9Doy6rh15AQGBAwMgr1+vh0f/GKnS/TYWTyRdfSI2QkQ5k+MP
YaZzJd3+EqNbU9W5ytRt2/A8ksiqO8BkgH/R4YMKrqFhpomsMCtBpVbruum5GGI3
cl0ZbL5N6WzV88XSjqFB3xjj6o8w6KLDRmyLzg==
=QR5y
-----END PGP SIGNATURE-----
Date: Wed, 19 Aug 1998 19:25:01 -0700
From: Hal Finney <h...@rain.org>
To: co...@pgp.com, h...@pgp.com, j...@pgp.com, p...@pgp.com
Subject: Re: PGP Passphrase Bug/Vulnerability
Cc: ma...@pgp.com
I looked at PGP 2.6.2 and it appears that there is a bug which can
cause ASCII characters with the high bit set (like graphics characters)
to be ignored. In function getstring() in random.c we see:
char c;
...
c = getch();
...
if (c < ' ' && c != LF && c != CR) {
putch('\007');
...
continue;
}
If chars are signed then a char with the high bit set will appear to be
negative, hence c will be < ' ' and it will be rejected with a beep.
I think chars are in fact signed in the Microsoft compilers. We had
a bug a few months ago due to signed chars.
The comment at the top of the function says:
/* Gets string from user, with no control characters allowed.
Not sure why there was that limitation, but the test above may misfire
as shown and cause high ASCII chars to be rejected as well.
The result is that if a person was using high ASCII characters in 2.6.2
for his passphrase, those chars were being skipped on a build using signed
chars, such as PCs. If he then wants to use his key in 5.X or later he
mustn't type the upper ASCII chars or else the passphrase won't match.
There is no bug in 5.X, it is correctly dealing with all the chars. It
was just a bug in 2.6.2.
Hal
Foll...@nowhere.com
wondering if 2.63 fixes the 2.62 bug mentioned.
On Fri, 28 Aug 1998 22:57:31 +0200, Anonymous <nob...@replay.com>
wrote:
Anonymous
On 1998/08/30, Follow.Me wrote:
>Curious to know the actual differences in these two builds and
>wondering if 2.63 fixes the 2.62 bug mentioned.
As regards this bug, no differences. As regards encryption, no
qualitative differences. As mentioned, all 5.x versions allow high
ASCII.
For a more comprehensive list of differences, download 2.63ui or
2.6.3i. Both list the differences between their particular version
and 2.6.2. Other sources:
*The PGP FAQ http://www.pgp.net/pgpnet/pgp-faq/
*DejaNews http://www.dejanews.com/home_ps.shtml
*AltaVista
http://www.altavista.digital.com/cgi-bin/query?pg=aq&what=news
-----BEGIN PGP SIGNATURE-----
Version: PGP 2.6x
iQB5AwUBNepV7dI9Doy6rh15AQEl6wMg1lP1dKaymgX4wBM10/kB0+OU+SMLi54i
2w2snfIcsHc3GhJ6Oo0Sr/iPzK9fl+aIyO6/O176lHnD/149362RO8XDABAGA8Sl
mDmAg9UAX8lWb1Ad3n9bi4D6SQe6YRJyhVvubQ==
=9TAc
-----END PGP SIGNATURE-----
Stray Cat
allowed by PGP. I didn't count them, but it was right at 255 characters.
Good luck <g>.
Anonymous
On Wed, 19 Aug 1998, Hal Finney wrote:
>Did you notice that the computer would beep when you typed a high
>ASCII character? That might be a clue that it is not going to work.
>Maybe your computer is not set up so that you can hear the beeps.
>But other people who are able to hear beeps would not be likely to
>use high ASCII characters, so perhaps there are not many people out
Hey, Hal. If I knew who you were, I would have responded earlier.
I'm not fully up on the who's who of the security world yet.
I've been following up on this thread on usenet (alt.security.pgp &
comp.security.pgp). I agree, for the most part, now about the beeps,
and view the bug as more of a limitation, except in the context of
hearing impaired people. Also, for people, like me, who have a sound
card and speakers attached and in use may not find the system speaker
beep audible. There really should be a visual indicator in addition
to beeping. Ideally, the passphrase should be rejected after entry
with a message why. There should also be specific documentation as
to what characters are acceptable in the passphrase. Of course,
since the official NAI PGP 5.x releases can accept high ASCII, this
seems more of an issue for future FAQ revisions and upgrades of
the "ui" and "i" versions.
For those of us who honestly thought the high ASCII characters were
being recognized (agreeably, 1 in 1,000, give or take a couple
thousand) it also means that the passphrase quality is signifcanltly
weaker, possibly at risk if only those characters and a word were in
use. In my case, fortunately, I followed good passphrase protocol
and used a wide variety of characters (letters, numbers, punctuation,
spaces) in addition to the high ASCII.
I can understand the limitation given the availability of PGP 2.6.x
on a wide variety of current and old platforms. Any platform that
will not allow entry or makes entry of high ASCII tedious will create
inconsistency at a minimum - at worst, make high ASCII encrypted
secret keys non-portable to platforms incapable of accepting
high-ASCII input. Then there's the old version problem of dealing
with moving secret key rings around to prior versions. Such problems
probably are relevant for a rather low percentile of users. By the
lack of previous discussion on the topic alone, even PGP's advanced
users apparently limit their passphrases to standard keyboard
characters.
-----BEGIN PGP SIGNATURE-----
Version: PGP 2.6x
iQB5AwUBNeomX9I9Doy6rh15AQFT8QMdEPVBbIqLOhmO5NrPE4CH3/t/Q9U+GbkL
Asc0b/B/jld/0+LxbfDqCWWuiULmZ2PlxG0KmzG1i00exI05ip37iYkFN6u8pUjS
AIqYHHueJBkpfx8yfyuoV5QwkkSmMYZO2cTLtw==
=cEu+
-----END PGP SIGNATURE-----
Chris Campbell
is full all the time, so I thought I'd try here first. I tried your finger,
and it didn't work. Is it still a valid finger?
Chris
Stray Cat wrote in message <657362220...@news.stray.cat.edu>...
Chris Campbell
subscribe, at the same time I'm helping in several IRC channels at the same
time I'm watching some black man kidnap his nephew on 'Craziest Police
Stories." Obviously it's a newsgroup, I knew better. Thanks for responding
here, so I didn't need to subscribe in a.a.m. Well then....I'll need to
reboot into 'nix I guess to get the finger to work.
Chris
Stray Cat wrote in message <6574034273...@news.stray.cat.edu>...
>On Thu, 3 Sep 1998 20:21:27 -0400, "Chris Campbell"
><camp...@citizenet.com> wrote:
>
>>I know you say to write into alt.anonymous.messages, however, that channel
>>is full all the time, so I thought I'd try here first. I tried your
finger,
>>and it didn't work. Is it still a valid finger?
>>Chris
>
>Yes, I just fingered the account and it works. alt.anonymous.messages is
>full? I don't think so. Channel? Sorry, it's a newsgroup, post away.
Anonymous
On 1998/08/22, Stray Cat wrote:
>Espo is convinced that once you have the secret key, you can make
>signatures and decrypt files. This is nonsense because he (and the
>rest of the planet) now has my secret key but not the passphrase. In
I agree, though I think for that test to be valid you would need to
offer something in return in order for any significant amount of
computing power to be used to attack it. As it is, I think pass-
phrase key size is calculated incorrectly (too conservatively).
(I get into this in more depth in a message I'll be posting soon
dealing with bugs in PGP's Passphrase Quality meter.)
It seems like it would be a great publicity/promotional stunt for NAI
to offer $100,000, maybe even $1,000,000, to anyone who could break a
secret key using a passphrase that they admit is under 20 characters.
Meaning, simply, crackers would only know a range of possible lengths.
It would show just how difficult it is and promote PGP to a lot of
potential users that would otherwise not hear of or consider using
their product. If they followed their own passphrase creation rules
(including mixed case alpha, numeric, and punctuation), the contest
would go on for years (probably long after we're all dead), and get
even a fair amount of free TV attention for the masses. You can't buy
that kind of publicity (well, Microsoft has, but NAI's pockets end
just as Bill's start to expand).
-----BEGIN PGP SIGNATURE-----
Version: PGP 2.6x
iQB5AwUBNeozCNI9Doy6rh15AQEQRAMgxlmfK8YC/RQYHnIsGvtxVc8uC3PO7jJt
cYmBPsObwfSaBeIBMokhEJW6sU3pHEurhyW2BRcgsoPUUhwAguDlK++4mpNWQLcB
bZ2E2qnzXD8enRboeBnBuaqknwJq2CjmhBMOSw==
=X8sT
-----END PGP SIGNATURE-----
Stray Cat
Stray Cat
<camp...@citizenet.com> wrote:
>Stray Cat,
>First and foremost, thank you.
>Second, hmmm. That could be it. The message I'm getting, however, is Host
>not known by DNS server. I'm going to spend a little time figuring this one
>out.
>Chris
Well, if the DNS can't find the IP from the name, then nothing will
connect. You might try using some other DNS servers and see what happens.