So if PGP is almost uncrackable, couldn’t spies use it to communicate messages to their countries??? Could the USA govt, CIA or FBI do anything about it???
I thought earlier versions of PGP has a backdoor built in by the government in order to prevent just that. The later versions have resolved it but I’m sure there’s a way around breaking the code directly.
>> I thought earlier versions of PGP has a backdoor built in by the government in order to prevent just that.
SouprChckn, AFAIK, that is nonsense. Can you provide any support for that? I have been using PGP for years and I’d like to know. Seeing how things have gone between the US guvmint and Phil Zimmerman I have to doubt that very very much.
Well, I THOUGHT that there was a backdoor but I guess it was a bunch of crap I read somewhere. If they freely distribute the source code like I just read, the likelyhood of there being a backdoor that no one has found is prolly nil. But if anyone has the resources to break a PGP encrypted message, it would be our government.
Back to the OP, PGP is freely distributed around the world unrestricted. The FBI, CIA and U.S. government can’t do anything about it.
No offense, SouprChicken, but the US government did “try to do something about it.” PGP was only (finally) granted an export license in late 1999 (you can read about that here . Prior to that, exporting PGP was literall classified as smuggling munitions.
And, no, “the government” had nothing to do with the design of PGP. so theere’s no way they could have put a back door into the code. If they had, they would almost certainly have encouraged its export in the hopes that it would be used by various people we’re trying to spy on. Perhaps you’re thinking of the proposed clipper chip , which would definitely have had gummint access built in.
That wasn’t PGP, but another ecryption scheme the government was trying to establish a few years ago. It provided encryption, but did have a backdoor. Don’t recall the name, but it never was established.
Yes, PGP is “almost unbreakable”. This stems from the length of the encryption alogrithms used to encrypt it and the necessity of keypairs to unencrypt messages so encoded
At one point, as already mentioned, it was (and still may be) unlawful to export high-level encryption systems to certain areas. I have PGP on my desktop PC at home, and on my wife’s laptop. If I wanted to take it the laptop to Canada, I doubt I’d have a problem. If, OTOH, I took twenty floppies with the latest version of PGP with me on holiday to Cuba, and the US Customs agents knew about it, I doubt I’d be smoking Romeo y Julietas with Fidel any time soon.
Given enough time and permutations, any encryption system can be broken. PGP and the like use high-number keybits to ensure that the decrypt time by attackers is as long as possible.
Having said all that (and if a bona fide math guy or gal would come to this thread, I’d be obliged), agents and spies alike probably do use encryption systems like PGP to communicate. Or they use stegography, wherein information can be hidden in a graphical image. However, if your traffic is being monitored, the messages you’re sending can be intercepted. Whether or not they can be decrypted is another story. If there’s a trojan on the agent’s computer that can record keystrokes, then their keys are compromised. Without the key, or twenty years on a Cray (slight exaggeration), messages using 1024-bit or higher are effectively sealed.
This is certainly timely. I just finished reading the new DNRC newsletter, which I’m sorry to say isn’t at that page yet, but I’m sure will be soon. In it, Adams reports that some wag has added “Elbonia” to the list of countries his software is not to be exported to.
You’re probably thinking of DES, the Data Encryption Standard. It wasn’t so much a backdoor, as it was the keyspace wass limited and some pieces of the algorithm were weakened by NSA folks working in conjunction with the DoD and the private researchers who developed the algorithm. A newer algorithm, tripple-DES, (also called 3DES) is much more secure.
Yes, they could and they probably do. It’s important to remember that groups like the NSA are years ahead of the private sector in terms of cryptanalytic technique. Only recently was it discovered that the UK’s equivilent to the NSA (I believe it’s called the Government Communication Headquarters, or something) had invented public key algorithms and session-key exchange protocols years before Diffie and Hellman released their work.
The public-key algorithms used in PGP are only used to encrypt session keys, which are used to encrypt the actual method via a plain old symmetric algorithm like 3DES. There’s no reason to think that the NSA doesn’t have very sophisticated techniques, or at least, extremely big computers (IBM and SGI have produced several machines of a classified nature for NSA and DoE and DoD) to commit to the problem.
The only thing that’s going to keep your email secret, in the long run, is that it’s actually uninteresting enough for anyone to care. Which is why I don’t bother to encrypt my email at all.
Distributed.net have been working on the RC5 64 bit key for 3.5 years or so, and have got half way through. Even if you assumed an amazingly fast machine that could (say) break that key in 1 year, it means it would take 9.7453 x 10^288 years to break the 1024 bit one, wouldn’t it?
Of course, the universe would have ended by then…I don’t think 20 years was that much of an exaggeration
I dunno much about encryption though…maybe the RC5 encryption is more difficult than PGP’s. And, of course, this all goes out the window if you have a working quantum computer, or some new maths technique as yet unreleased to the mere mortals.
Oh, you can make anything pretty much impossible to find and decrypt. Triple-encrypt it with competing algorithms, and use steganography to hide it in a RATM MP3 file, or in a “N00d3 Cheryl Crowe JPEG”, or in a random Autocad drawing, and you can essentially make it impossible to find or decrypt. It’s a matter of effort and care, though, and people get sloppy, or they get careless - that’s how they are caught most often when there is a concerted effort to find and decrypt a message.
For a general history and the basics of encryption I recommend The Code Book by Simon Singh.
For the story of recent (30 years) developments (asymmetrical encryption, PGP, etc) I recommend Crypto by Steven Levy. There was a 10 page extract of this book published in the Jan 15 issue of Newsweek.
Both books are well worth reading for anyone interested in the subject.
…It was thankfully pretty much a joke. Totally aside from the issue of government intrusion into private affairs it wouldn’t have worked.
The trick is basically what Anthracite pointed out. Simply run PGP on your file and then send it out. The Clipper chip would encrypt your encrypted file. If the government decided to pry your file open they’d strip off the Clipper encryption to be faced with the PGP encrypted file.
I believe you’re talking about the clipper chip. The algorithm it used was called Skipjack, designed by the NSA specifically for use in communications hardware with the key escrow scheme that the gov’t was pushing a few years back.
There was actually a lot of controversy when PGP was granted the export license, people thinking that since the programmer (Phil Zimmerman) was jailed for supposedly exporting it, they must have added a back door or other intentional flaw for export to be allowed.
Zimmerman has stated that as of his departure from the company, there were no back doors (version 7.0, I believe).
My personal preferences aside, there’s nothing special cryptographically about PGP. It uses a 128-bit symmetrical cipher (IDEA originally, now options include Blowfish, CAST, 3DES, etc) to encrypt the actual data with a randomly generated key, and a variable keysize asymmetrical cipher (Formerly RSA, current versions have moved to Diffie-Hellman) to transmit the 128-bit session key securely.
The only thing that makes PGP special is that it was widely and freely distributed, and has always been easy to use.
Can it be cracked? Of course. The trick is that the easiest way to crack it (publicly known) is to search the 128-bit keyspace and try every possible key. As stated earlier, that will take longer than the age of the universe, since 2[sup]128[/sup] is a really huge number. There are 340,282,366,920,938,463,463,374,607,431,768,211,456 possible keys.
The asymmetrical side of the equation is the one that’s really interesting. Is there a better way to recover the message than trying every possible key? Yes. Is there a good way? We don’t know. The public key is mathematically related to the private one, so it is theoretically possible to calculate one given the other. But the trick is that it involves factoring a number that is the product of two 1024, 2048, or 3072 bit primes. There is no publicly known way to do this efficiently, so as far as we know, it’s secure.
But the NSA is the largest employer of mathematicians and cryptographers in the entire world. They also have computer farms (14 acres, last I heard) that do nothing but crunch numbers, and it may well be that in the last 10 years they have found ways to factor large numbers easily. We won’t know until civilian mathematicians make the same discoveries independently, because the info would be classified if it exists, just like differential cryptanalysis and public key cryptography were for a number of years until they were discovered in the public sector.
Re: Anthracite’s comment, yeah, if you take enough steps, you can be assured of security, but the problems with doing that are that the system becomes unusably complicated, and you can’t rely on obscurity of the method to keep your information secure. Eventually somebody will figure out how you’re doing it if they work hard enough at it. Ideally, all that should require secrecy (aside from the message, of course) is the key.
False_God said:
That’s almost true. There is a way that your data can be kept absolutely secret: It’s called a one-time pad. You have to have completely random data (the key) the same size as your message. You add them together, and transmit the result as the encoded message. You then discard the key data that you used, and never use it again. This can never be broken, because it is completely random. There is no way the attacker can know if he’s found the right message, because as he tries all keys, he will find all possible messages of that length. The drawback? You have to exchange the key with everybody who needs to decode your messages. And if you can transmit a 3-page key securely, why not just transmit the 3-page message securely and not bother with the encryption?
But overall, it’s much easier to get the message before encryption (surveillance) or else beat somebody until they tell you the key (“rubber-hose cryptanalysis”).
>> The only thing that makes PGP special is that it was widely and freely distributed, and has always been easy to use
Very true. It does not use anything new but it made it easy and practical for the masses to use encryption. It is also ingenious in that it encrypts the message with a symmetrical and random key and then encrypts this key with the asymmetrical key and transmits the message (encoded with the one time key) and the key (encoded with the recipient’s pblic key). This also allows one message to be encoded for several people as you include the same coded message and the key encoded with as many public keys as recipients.
The book I mentioned, crypto, has a good history of the “cypherpunks” against the US government, the clipper chip, etc.
Note also that if the government has found a way to crack PGP (or any other system), the last thing they’ll do is tell. There is nothing more valuable than a cracked cypher because it allows you to read the messages that the author thinks are safe.
There had often been cases of not using information gained by decyphering messages so as not to tip the enemy that their code had been cracked.
The Zimmerman telegram is a good example where the British had to make the Germans believe they got the information from another source before they could use it.
After WWII the UK supplied their colonies with enigma machines, never telling them they had cracked the Enigma years ago.
The last thing the government would tell you is they had cracked PGP. On the contrary, they want you to feel secure and open up all your secrets knowing they can’t read it.
The NSA may well be the single largest employer of mathematicians, but academia as a whole has many more. Even if an NSA-employed mathematician did make this discovery, though, I doubt it could stay secret for long. An algorithm for easily factoring prime numbers would be the biggest advancement in number theory since Euler, and even the U. S. Gummint would have a hard time getting its discoverer to sit on it.
Of course, they do have other ways to bypass the encryption, without actually cracking it. One of the more imaginative methods proposed is to attempt to crack the random number generator used to create the keys, rather than the keys themselves. Unless you’re using thermal noise or a lava lamp or some such to produce your random numbers, the NSA can probably use such methods to read your mail.
Other posters have addressed the vulnerabilities of PGP pretty well, but the main point of the OP is whether spies could use it. The answer, in general, is “no” because sending PGP’d or other encrypted content sends up a red flag to anyone monitoring traffic. Of course a spy could use a stolen or pseudonym account to send mail through anonymous remailers, but if the MIBs get interested in the source of the encrypted traffic, it’s not too hard to backtrack to the source. PGP alone might be okay for infrequent messages, but if you’re sending frequently, you’ll draw a lot of attention.
If you’re interested in avoiding large-scale surveillance, encryption is just one link in the chain. You also need some hidden or side-channel method to conceal the fact that there’s a message in the first place. In a world full of free anonymous web hosting, steganography works well, but there are myriad other side-channel carriers available.
Eventually, everyone will use encryption for email for the same reason that they send business documents and personal correspondence in envelopes instead of postcards. Then the assumption that encrypted traffic has some nefarious purpose will no longer be valid. Until that time, there’s an assumption of guilt for anyone using crypto, and a spy won’t last long if they ignore that fact.
As far as software goes, there are still certain products that may not be exported to certain places, and those places vary depending on the type of software. The move is to change the export classifications of many types of software to a “retail” status, allowing much greater exportability. But there are some products that still can only be sold within the U.S. and Canada. Those should be getting fewer and fewer, as long as the Bush administration takes the same attitude as the Clinton administration did. In fact, Bush will probably be more lenient than Clinton was, because reduction of export restrictions is such a huge benefit to business.
Of course, there are still those embargoed countries that cannot be exported to, and there is the Denied Parties List, which prohibits sale to certain groups and individuals.