Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

PGP how secure?

  • 20-10-2003 6:55pm
    #1
    Closed Accounts Posts: 2,204 ✭✭✭


    Just wondering about using PGP is it a random encryption? How secure is it exactly? Do companies use it for transferring sensitive information?


Comments

  • Closed Accounts Posts: 1,006 ✭✭✭theciscokid


    imagine every single computer working together multiplied by the age of the universe on average,,

    and you still mighn't crack a single pgp encrypted message!


  • Registered Users, Registered Users 2 Posts: 1,328 ✭✭✭Sev


    Originally quoted by William Crowell, Deputy Director of the United States National Security Agency, March 1997

    "If all the personal computers in the world - ~260 million computers - were put to work on a single PGP-encrypted message, it would still take an estimated 12 million times the age of the universe, on average, to break a single message."


  • Closed Accounts Posts: 1,006 ✭✭✭theciscokid


    thats the one sev

    damn my google skillz today


  • Closed Accounts Posts: 1,567 ✭✭✭Martyr


    That was nearly 7 years ago.
    Computers, not to mention NSA's annual budget has come
    along way since then.
    Also, why would they want you to think it easy for them to
    break a single message?
    They can't?..Thats just naive.

    I don't see what interest NSA would have in general public e-mails.
    I don't mean to be cheeky, but do you expect the NSA to be
    interested in yours? hardly.


  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 93,594 Mod ✭✭✭✭Capt'n Midnight


    260m x 12m x 12bn years = 3.744 E25 computer years

    But moores law suggests (speed doubling every 18months - 82.3 doublings ) that in 123.5 years time one computer would do it in a single year. :)

    Though the us gov't could use a million computer (cf. SETI) to crack it in one year 30 years earlier...

    [edit] ok in 126.5 years then,,,,


  • Advertisement
  • Closed Accounts Posts: 2,204 ✭✭✭bug


    heh so pretty secure then :D ....thanks


  • Registered Users, Registered Users 2 Posts: 6,762 ✭✭✭WizZard


    If the NSA wanted to read your PGP encrypted message they would not spend billions on *just* computing equipment, they would just try to discover your keys! A lot easier...


  • Closed Accounts Posts: 1,006 ✭✭✭theciscokid


    Originally posted by Average Joe

    I don't see what interest NSA would have in general public e-mails.
    I don't mean to be cheeky, but do you expect the NSA to be
    interested in yours? hardly.

    how do you know what bug's email's will contain..

    i think nsa would be well concerned if r00t passwords for their machines were been emailed in confidence and nothing could be done about it!

    private companys use pgp too!


  • Registered Users, Registered Users 2 Posts: 1,038 ✭✭✭rob1891


    PGP is as secure as your public and private keys. If you don't protect these, and the private's passcode too, then it's not all that secure. The encryption is so strong that no one is going to try and break it that way. More likely, they'll storm your home/workplace, steal your equipment, shoot your children, and then demand the passcode.

    At least, that's how I'd do it! :ninja:


  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 93,594 Mod ✭✭✭✭Capt'n Midnight


    no need they'll just activate code built into the BIOS to log keystrokes - where do you think intel are getting the money to push centrino ;)


  • Advertisement
  • Closed Accounts Posts: 1,567 ✭✭✭Martyr


    I wasn't neccessarily talking about the interest in bug's e-mail.
    More so about lack of interest in majority of people who use PGP.
    Unless Osama Bin Laden uses PGP, or bug is a terrorist stealing root passwords from NSA ED-209 super-computers, e-mailing.. some information critical to "national security" of U.S, why bother.


  • Closed Accounts Posts: 2,204 ✭✭✭bug


    or bug is a terrorist stealing root passwords from NSA ED-209 super-computers, e-mailing.. some information critical to "national security" of U.S,.

    hey! it took me two days to figure out how to install and set up IRC.:D I hide my ignorance relatively well.

    computers eh?


  • Closed Accounts Posts: 15,552 ✭✭✭✭GuanYin


    Ya know bug, you really are a paranoid young lass.


  • Registered Users, Registered Users 2 Posts: 7,521 ✭✭✭jmcc


    Originally posted by rob1891
    PGP is as secure as your public and private keys. If you don't protect these, and the private's passcode too, then it's not all that secure.

    PGP is fundamentally just as secure as the algorithm used at the heart of it for the encryption process. I simply do not trust it as being secure enough against attacks from well funded government agencies. There have been too many 'unbreakable' systems over the years and I have actually broken some of them. ;)

    However I think that a massive chosen plaintext flaw exists for many PGP users that would reduce the complexity of an attack on PGP encrypted data. (It is a blindingly obvious one to most cryppies but it does not apply to all cases - just encrypted files.)

    How a government deals with obtaining the keys depends on the threat level that the PGP user poses to a government agency. The government agency can use rubber hosepipe cryptography and beat the keys out of the user. This is perhaps an easier solution, especially if tricky questions like Human Rights do not apply. However a blackbag job on the user's premises may be the simplest option.

    The encryption is so strong that no one is going to try and break it that way.

    While the algorithms in PGP are open to analysis, there is always the possibility that a government agency has potentially compromised them by using an unknown approach or algorithm. Besides what would happen if a system that could evaluate all possible keys to the core algorithm existed?

    Regards...jmcc


  • Registered Users, Registered Users 2 Posts: 7,521 ✭✭✭jmcc


    Originally posted by Sev
    "If all the personal computers in the world - ~260 million computers - were put to work on a single PGP-encrypted message, it would still take an estimated 12 million times the age of the universe, on average, to break a single message."
    Originally quoted by William Crowell, Deputy Director of the United States National Security Agency, March 1997

    Nice bit of disinformation in that quote. Sev :) It was intended for the idiot technology journalists who do not understand crypto but simple enough to let them sound convincing. :) The same arguments were used for DES. (Though the real reason that DES was dropped as a USG standard may have been the massive attack on it by satellite tv pirates in the US.)

    The DES crack approach was to use a massively parallel attack with a properly designed system based on microcontrollers rather than PCs. PCs are inefficient for this kind of operation and simpler, well coded logic and microcontrollers work far better. Therefore it may be possible to develop an attack on the core algorithms of PGP using a similar device. The cost of the device would be high (perhaps only governments could afford it).

    Regards...jmcc


  • Banned (with Prison Access) Posts: 16,659 ✭✭✭✭dahamsta


    Course in the UK the rubber hose is not required, they simply need to subpoeona the keys under the Regulation of Investigatory Powers Act 2000. The Brits can thank good old Jack Straw for that one.

    adam


Advertisement