Why didn't PGP KickOff/Popularity?
Angel
I used to use PGP awhile back, wayyy back.. and stop using it.
It would intergrate with Outlook and such but I now still see here
and there people posting on NG and such their PGP keys.
I am not paranoid or such but I liked using PGP and keying in my PGP
key of over 45 (letters, number and crazy ASCII ¥?+K¬¢§- characters).
How long would it take to crack the 45-60 crazy PGP key. Minutes?
for the authorities and maybe 24 or so hours for others?
My question is... If I was to use PGP and send the email to someone;
there's the headache of trading public/private keys, and than / or if
they don't even have PGP installed.. what's the use?
Just a thought... I wanted to go back and install PGP on my PC.
and I also recall few years back when PGP NAssoc.'s site was hacked
and the two guys that they had on the site had "L" on their foreheads and
on the bottom saying small text that they were hacked.. funny...
Thanks... I'll go d/led it and hope this time they will support the
COPY / PASTE the code/key onto the field.. and not have to type
it by hand cuz it would be lame and time consuming to type 70
text/no/ascii than confirm it... most of the time it dn't match.
greg.jensen
don't recall ever having the site compromised. No "L" I'm afraid. : )
The only site we ever had compromised was a McAfee site outsourced and
hosted in some Brazilian ISP for that market.
"Angel" <transn...@nospam.hotmail.com> wrote in message
news:Y%309.24597$_M2.9...@twister.socal.rr.com...
xenophon
On Fri, 26 Jul 2002 04:13:44 GMT, "Angel"
<transn...@nospam.hotmail.com> wrote:
*big snip*
>How long would it take to crack the 45-60 crazy PGP key. Minutes?
>for the authorities and maybe 24 or so hours for others?
Ok, a symmetric 128 bit key has 2^128 possible combinations or
3.4028236692093846346337460743177e+38
The way I calculate how secure the passphrase is to compare it's brute
force to the brute force of a 128 bit symmetric key which is pretty secure
these days, so:
There are 95 ascii characters, and you seem to be using most of them.
Lets say you use a pretty random 45 character passphrase as you described.
95^45 = 9.9440256987092460227859230631195e+88
Comparing the numbers, we have:
128-bit key: 3.4028236692093846346337460743177e+38
45 char. passphrase: 9.9440256987092460227859230631195e+88
Just to put this in perspective, a 256 bit symmetric key has 2^256 =
1.1579208923731619542357098500869e+77 possible keys.
Your random 45 character passphrase is much harder to break than a 256 bit
key.
So, to have the strengh equivalent to a 128 bit symmetric key, you need:
log(2^128*)/log(95) = 20 characters (rounding up) And I'm assuming you are
choosing among the 95 ascii characters here.
To have the equivalent strenght of a 256 bit symmetric key, you need:
log(2^256)/log(95) = 39 characters.
So if you can use a random 40 character passphrase, you'll have better
security than a 256-bit key. Now how you remember such a thing is what
intrigues me :)
xenophon
-----BEGIN PGP SIGNATURE-----
Version: 6.5.8ckt http://www.ipgpp.com/
iQEVAwUBPUDyrGNGl+6Y3k0tAQF46ggApemRHgsW5/V6pU3eAeYgVyvCmznwfCDV
0yYbsQR6K4IrY2/P6i5BMUq3eiN+WSSwn5qvl11HO9ORaIYtjZMVnCLoaOS75U2s
FPjcCXDGal2Ih/E4vps4QJ5VrHuVOJdFfCZUk8M4LS0FAy4WQNgBafbEFs+Qs5st
Py9AQfSkA8rlFgIKZjk6kud4BAqk3aTNtduyFwXghw1UisNHOANY8cn/LnbJC92S
519tccN5yZ7+zAL2ZFIPvxDnWmQCXJCLLHHuprPPGEjftUpLdansw8tDc+GZyyJz
G/T+0o3YdJPKqU8B/lVy94eXyk7F1GLdc1b3N3RX0XshoihLIJmHaw==
=Ophy
-----END PGP SIGNATURE-----
Angel
On 25-Jul-2002, "greg.jensen" <greg....@attbi.com> wrote:
> Sorry Angel, I was with NAI for many many years in the PGP division and
> don't recall ever having the site compromised. No "L" I'm afraid. : )
>
> The only site we ever had compromised was a McAfee site outsourced and
> hosted in some Brazilian ISP for that market.
>
I know that it was defaced; but this was a long long time ago... awhile
back; I might be wrong but I went to a site where it had defaced
printscreens
of sites and a big talk-about was the PGP site; and sort of being funny that
they sell PGP (Security/Encryp) stuff but their site was/is not secured.
Angel
Thanks for the feedback. I will go ahead and try out the new software
that's on
available... and see what new features are out there...
Charlie Kroeger
news:b8o1kucog8rg5jaqb...@4ax.com:
> So if you can use a random 40 character passphrase, you'll have better
> security than a 256-bit key. Now how you remember such a thing is what
> intrigues me :)
>
Have a look at http://world.std.com/~reinhold/diceware.html
easier than you might think.
C.K.
greg.jensen
always been informed of that, but who knows.
The thing many people forget is a large chunk of the websites out there are
not managed and don't reside at the company they represent. In our case,
NAI up until I left, had always used a large outsourcing firm to do this
where they used, heck, I somebody's firewall, somebody's IDS...etc...etc...
I'm sure you get the picture. Often, companies don't have much say-so in
the security solutions used to house their sites.
Take care!
-GJ
"Angel" <transn...@nospam.hotmail.com> wrote in message
news:i9e09.36010$4T2.10...@twister.socal.rr.com...
Paul Rubin
> Comparing the numbers, we have:
>
> 128-bit key: 3.4028236692093846346337460743177e+38
> 45 char. passphrase: 9.9440256987092460227859230631195e+88
> Your random 45 character passphrase is much harder to break than a 256 bit
> key.
This is a pretty useless comparison. It's like asking "which is more
likely to kill you if dropped on your house while you're at home: a 20
kiloton A-bomb, or a 50 megaton H-bomb?" and answering with some
calculation about difference in blast temperatures. The fact is, if
either one detonates, you will instantly turn into a puff of ionized
gas. So the one more likely to kill you is probably the one that's
less mechanically complex and therefore more reliable, since the only
way you can possibly survive is if the bomb fails to detonate after
being dropped (perhaps because you have managed to intercept and
sabotage it). A much better survival strategy is be far, far away
when they drop it.
Similarly, nobody is going to brute force either a 128-bit key or a
45-character passphrase. Someone reading your messages is much more
likely to do it by finding failures in your protocol or exploitable
bugs in your software (sort of like mechanical failure of a bomb), or
breaking into your computer and getting the files without decrypting
them, or finding the person you sent the encrypted messages to and
bribing/threatening him into revealing the contents so the contents
can be used against you. Past the 128 bit level, worrying about the
key length in terms of brute force search is completely useless.
You might look at the book "Security Engineering", by Ross Anderson,
to get some ideas of what you're up against if you're trying to keep
information secure. Cryptanalysis is the least of your worries.
xenophon
On 26 Jul 2002 13:55:45 -0700, Paul Rubin
<phr-n...@NOSPAMnightsong.com> wrote:
>xenophon <xeno...@NoSpAm.com> writes:
>> Comparing the numbers, we have:
>>
>> 128-bit key: 3.4028236692093846346337460743177e+38
>> 45 char. passphrase: 9.9440256987092460227859230631195e+88
>> ...
>> Your random 45 character passphrase is much harder to break than a 256
>> bit key.
>
>Similarly, nobody is going to brute force either a 128-bit key or a
>45-character passphrase.
Kind of pointless to make this statement too huh? Kind of like saying no
one is going to brute force a 56-bit key two decades ago. You didn't
specify a time frame in your statement now did you? It is common
knowledge that 128 bit keys are pretty damn secure these days, and logic
tells us 256 bit must be as well. Since the original poster wanted to
know how secure his passphrase was from brute force, I wanted to put it
into perspective.
256 bit key == secure for many years to come (FROM BRUTE FORCE)
45 character passphrase consisting of random characters chosen among 95
ascii characters == secure for many years to come. (FROM BRUTE FORCE)
Anyways, I was assuming the original poster had knowledge of the strength
of 128 and 256 bit keys, and thus would be able to relate to the
comparison with the passphrase length.
>Someone reading your messages is much more
>likely to do it by finding failures in your protocol or exploitable
>bugs in your software (sort of like mechanical failure of a bomb), or
>breaking into your computer and getting the files without decrypting
>them, or finding the person you sent the encrypted messages to and
>bribing/threatening him into revealing the contents so the contents
>can be used against you. Past the 128 bit level, worrying about the
>key length in terms of brute force search is completely useless.
Um, the original poster wanted to know how secure his 45-60 character
passphrase would be from brute force cracking, not how secure his
passphrase is in general or what other attacks there are.
>You might look at the book "Security Engineering", by Ross Anderson,
>to get some ideas of what you're up against if you're trying to keep
>information secure. Cryptanalysis is the least of your worries.
I wasn't worried about cryptanalysis to begin with. I was talking about
brute force, and last time I checked, brute force != cryptanalysis.
Maybe you should have recommended that book to the original poster who
was seeking advice, not someone who was replying to a post and only
addressing the issue of brute force.
You give good advice, but it's out of context and addressed to the wrong
person.
xenophon
-----BEGIN PGP SIGNATURE-----
Version: Version: 6.5.8ckt http://www.ipgpp.com/
iQEVAwUBPUG7zGNGl+6Y3k0tAQF7qgf/QUlYd6Qmb0hPvjpk3FbJ+PUQFVicR5nA
mtLCJdev+xeT/l1WdpLmrveG8o3z4/gYBGJEoD1IB/DCApmiabO91lRK3/Agsaxg
VA8LPSl2V9E9xXoBnX0oo0VsAT2hfa3o7404eKSkYVEyYvIvcstOc0NT2QzGNtrp
RbhXkDheyx24O6S3e10hhcxMqEJUS2nXgSYeLy3hjTDeo9YqiNSFYiYE+8yvryDN
umQNeaD0LPm8dRUXWXH6jCncLFE0dbtMPNUgWv0ud089e0nfdGIKWl5C+rwlTiaA
c5p8ud0U5aE8GH2lqAHcFjKEkQCuZs3uHBeyBsa20v37QguSjUx5EQ==
=jRej
-----END PGP SIGNATURE-----
Robert J. Hansen
> one is going to brute force a 56-bit key two decades ago. You didn't
> specify a time frame in your statement now did you? It is common
Do the power analysis for a 128-bit key, please. It's nontrivial, even
assuming your Turing machine is operating at the limits of thermodynamic
efficiency. The last I ran the numbers, breaking a 128-bit key by brute
force requires at an absolute minimum an amount of energy comparable to
that released in a small nuclear explosion.
No-one is ever going to brute force a 128-bit key. It's stupid, utter
folly. Breaking a 256-bit key by brute force requires more energy than is
released in a galactic core explosion. It requires, if I recall
correctly, an amount of energy which would break the symmetry of the
cosmos and cause the utter annihilation of All That Is.
The numbers get really, really sick.
> >information secure. Cryptanalysis is the least of your worries.
>
> I wasn't worried about cryptanalysis to begin with. I was talking about
> brute force, and last time I checked, brute force != cryptanalysis.
Brute force is an accepted method of cryptanalysis. Always has been.
It's the stupidest method, but is sometimes surprisingly effective.
Dave
Hash: SHA1
"Paul Rubin" <phr-n...@NOSPAMnightsong.com> wrote in message
news:7x4remw...@ruckus.brouhaha.com...
> Similarly, nobody is going to brute force either a 128-bit key or a
> 45-character passphrase. Someone reading your messages is much more
> likely to do it by finding failures in your protocol or exploitable
> bugs in your software (sort of like mechanical failure of a bomb), or
> breaking into your computer and getting the files without decrypting
> them, or finding the person you sent the encrypted messages to and
> bribing/threatening him into revealing the contents so the contents
> can be used against you. Past the 128 bit level, worrying about the
> key length in terms of brute force search is completely useless.
The most likely passphrase weakness these days is a keylogger (either
hardware or software). IIRC, the feds used one to get the passphrase of some
drug dealer in NJ and read his PGP-encrypted messages. Countering this
threat requires both physical security on the PC and a utility to detect a
software keylogger (AV programs supposedly don't catch 'em all).
Dave
- --
TANSTAAFL
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
Comment: "Rebellion to tyrants is obedience to God." -- Jefferson
iQA/AwUBPULNtFDlyBIDhkSGEQIqvwCgqnNFJlGaPTyy4w5K3NcMB/uXTqMAniPV
dxm4y7J0Ns9FUg/6EekPXbUI
=I4Cg
-----END PGP SIGNATURE-----
xenophon
On Sat, 27 Jul 2002 03:06:15 -0500, "Robert J. Hansen"
<rjha...@inav.net> wrote:
>> Kind of pointless to make this statement too huh? Kind of like saying
>> no one is going to brute force a 56-bit key two decades ago. You
>> didn't specify a time frame in your statement now did you? It is
>> common
>
>Do the power analysis for a 128-bit key, please. It's nontrivial, even
>assuming your Turing machine is operating at the limits of thermodynamic
> efficiency. The last I ran the numbers, breaking a 128-bit key by
>brute force requires at an absolute minimum an amount of energy
>comparable to that released in a small nuclear explosion.
>
>No-one is ever going to brute force a 128-bit key. It's stupid, utter
>folly. Breaking a 256-bit key by brute force requires more energy than
>is released in a galactic core explosion. It requires, if I recall
>correctly, an amount of energy which would break the symmetry of the
>cosmos and cause the utter annihilation of All That Is.
>
>The numbers get really, really sick.
I agree with you there that the numbers are just sick, but I myself just
won't say that 128-bit can't be brute forced quite easily in the future
because of technological breakthroughs of some sort. Nevertheless, the
numbers involved are just incomprehensible.
>> >information secure. Cryptanalysis is the least of your worries.
>>
>> I wasn't worried about cryptanalysis to begin with. I was talking
>> about brute force, and last time I checked, brute force !=
>> cryptanalysis.
>
>Brute force is an accepted method of cryptanalysis. Always has been.
>It's the stupidest method, but is sometimes surprisingly effective.
I stand corrected on this one, just my opinion that "trying every
possible combination" to get the key isn't really "analysis" since
cryptanalysis tries to break without the key and brute force is trying to
get the key.
xenophon
-----BEGIN PGP SIGNATURE-----
Version: Version: 6.5.8ckt http://www.ipgpp.com/
iQEVAwUBPULfR2NGl+6Y3k0tAQHHTQf+OUs4y3PH2jzT5a2yXTqJogOBpqZK1wTE
5gOGL+BZLejbDtc590sr4mZmZ47MTGnAd8k2J6Sj5UIzgkNNm6e7HD/ohZ9OSY15
VT38Zj8iF1ls7XHqRJtl1MponqYeXGZCTACCxM8TD+Y8/07YzcY8LbD4eqRwoQyu
UqtLLYDYfMUc200HR8BqK7v9Z2eb0vmSxf/Z0jll1J+SJhjQ3FqqSFT+wsJ/HtOQ
wB+3pKaBx4skEqtY9ogBQtsBZw+/FOM3V5uF4z8p8+bOTkE52ok8K4OLetJPMe+R
fj0QTzm70J3T/Lem8QdZOabwsAGhZLZAfvFzCfn/xxk+PPWFnH3ytg==
=Uqaw
-----END PGP SIGNATURE-----
xenophon
On Sat, 27 Jul 2002 17:21:17 GMT, "Dave" <a...@xyz.com> wrote:
>The most likely passphrase weakness these days is a keylogger (either
>hardware or software). IIRC, the feds used one to get the passphrase of
>some drug dealer in NJ and read his PGP-encrypted messages. Countering
>this
>threat requires both physical security on the PC and a utility to detect
>a software keylogger (AV programs supposedly don't catch 'em all).
>
>Dave
That's absolutely right. It wouldn't matter if you had a 100 character
passphrase, it would do you no good if you someone were to black bag job
your computer and put a keylogger of some sort on it. The keylogger
wouldn't even need network access (could be caught by firewalls) because
they could always come back at a later date and retrieve their bounty. I
think that's what they did in your case above anyways. I wouldn't even
trust a utility to detect a software keylogger, because I wouldn't want
them to get that close to my PC to begin with!
xenophon
-----BEGIN PGP SIGNATURE-----
Version: Version: 6.5.8ckt http://www.ipgpp.com/
iQEVAwUBPULhPmNGl+6Y3k0tAQFCXAgAmTmZfeyNroo99AaAwvI6VpHCzlBkj7xY
tHVb8UARKz0Fe5DSIjtd5kGTcb7ojdwFOYPe6yOZvl9W/6BoBilGcGfp5zwSdG4S
ntejVrJXFG+E8qE67/S8B58+DfUc7+t9CkaCfwCZaWZBDASNrf3CiHTRdnAR+fvk
7mfTgCxtTxvkmlOkkmzu/IhEzwuyFoRx7DlEqkNDmoyWvlyyMTxabyoDzbpb44Gx
4q0JdYYhUe3RAedrSRVbYxfY9HE7PI8RlnfqCcuNaXwuQacj8S8A9EvOrUtUzHah
l3BIDUZ4Bs1bIpfH6FEvvhqMNG/FPaGCnAKeGa6GDVoGeavtfY8h3Q==
=hzYa
-----END PGP SIGNATURE-----
Robert J. Hansen
> won't say that 128-bit can't be brute forced quite easily in the future
Even assuming quantum crypto, you're still looking at a task of complexity
2**64. I am _not_ worried.
> I stand corrected on this one, just my opinion that "trying every
> possible combination" to get the key isn't really "analysis" since
> cryptanalysis tries to break without the key and brute force is trying to
> get the key.
Cryptanalysis is not about the key. Neither is brute-forcing.
Cryptanalysis is about trying to recover the message without knowledge of
the key or, in many cases, the cipher which was used. If you recover the
message--congrats, you've done cryptanalysis.
Kiril Karaatanasov
Actually no algorithm for encryption is perfectly secure and does not
leak any information what so ever, moreover consider that most
encryption schemes(S/MIME,SSL) do leak some information although most
poeple including me can only see that information is leaking and are
not able ouse that fact. At least as of my and anyone else's
knowledge, I guess.
My wild guess is if US allows export of 128-bit encrytion it is NOT
secure in any way. Otherwise why rely on information gathering systems
on communication satellites?
What I mean is that different algorthms are based on different
mathematical paradigms often NOT quite clear at popular level and even
in society of scholars. May be some of the algorithms one would use
with PGP when using 128-bit symetric key are just as strong as a
perfect algorithm with say 40-bit?
How long does it take for your PC to crack the 40-bit? (To let you
know an hour sounds like too much)
On the other hand all information packaging algorithms prior to
encryption use standard headers. As you may guess now an eventual
cracker knows several combinations of data encrypted with your MOST
secure 256-bit key. Fortunately algorithms are so made that knowing
one or several combinations does not reveal the secret but again it
limits the possiblilities quite a bit does not it? Another thing is
that most programs have some standard algorithms for random number
generation, these are supposed to be secure, but how do you know? And
even if they are "secure" a potential cracker guessing the system you
used, the time for message cmpositin etc. from unencrypted headers,
limits the potential keys one more time. Now taking some wild guesses
on your data reveals more (MIME headers don't you use these, quite
standard are not they, do you compress the text you send, may be the
subject line tells something more say a word document attached, there
is plenty of useless data a cracker might use in a word document). May
be even the use of only ASCII chars in your message leaks additional
information e.g. the dat you encrypted is not evenly spread over the
8-bit sprectrum, may e this tells to a cracker quite a bit about your
key.
At the end what is left from your 256-bit? Is it not brute force
vulnerable?
And may be just may be the gov knows things I cannot imagine. Say they
know how to factor a number occuping no less then 2048-bits in a snap.
(No one is sure that this ain't possible, we all hope). Maybe then
just when you submit your password to hotmail actually your session
key is issued by the satellite in the middle that has just generated a
new certificate for hotmail signed by "VeriSign". Do you check the sum
each time?
Dave
Hash: SHA1
"xenophon" <xeno...@NoSpAm.com> wrote in message
news:ivn5ku0lod1d6c72a...@4ax.com...
> I wouldn't even
> trust a utility to detect a software keylogger, because I wouldn't want
> them to get that close to my PC to begin with!
Which "them" are you referring to? The utility writers? Unless you're
enough of a computer geek to write your own detection utility, sooner or
later you gotta trust *someone* to be on your side vs. the jackbooted ones.
Otherwise you're wide open to software keyloggers, since (as you note) they
can be installed offline. (I'm thinking of the software the
Japanese-American spy got his Chinese honey to put on her computer in the
Tom Clancy novel "The Bear and the Dragon.")
Hardware keyloggers, OTOH, can be thwarted with simple physical security
(both to your residence and your PC). Most of the ones I've heard of simply
attach to the PS2 port between the PC and the keyboard cable, and are
therefore easy to detect/remove/destroy. I'll assume for now that similar
loggers are available for USB keyboards.
Dave
- --
TANSTAAFL
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
Comment: "Rebellion to tyrants is obedience to God." -- Jefferson
iQA/AwUBPUqqiVDlyBIDhkSGEQLanQCgtacW0s7bYHbARQjfMfVFF6HSVUAAoNj0
N8myQUdPaDhYJZHraIfGuMmh
=XCs5
-----END PGP SIGNATURE-----
Thomas J. Boschloo
>
> I used to use PGP awhile back, wayyy back.. and stop using it.
>
> It would intergrate with Outlook and such but I now still see here
> and there people posting on NG and such their PGP keys.
>
> I am not paranoid or such but I liked using PGP and keying in my PGP
> key of over 45 (letters, number and crazy ASCII ¥?+K¬¢§- characters).
>
> How long would it take to crack the 45-60 crazy PGP key. Minutes?
> for the authorities and maybe 24 or so hours for others?
It would take only minutes in your case.
<http://www.security.nl/artikel.php3?id=3304>
> Thanks... I'll go d/led it and hope this time they will support the
> COPY / PASTE the code/key onto the field.. and not have to type
> it by hand cuz it would be lame and time consuming to type 70
> text/no/ascii than confirm it... most of the time it dn't match.
If you are pasting it, why not have PGP read your passphrase directly
from the file you are copying from? That would save you even more work!
Regards,
Thomas
--
Alec Empire: "Anything worth having is worth fighting for"
My boring homepage <http://home.hccnet.nl/t.j.boschloo/>