[Top] [All Lists]

Re: PGP evolving, improving

1997-11-24 01:56:36
David Sternlight wrote:

I became aware of the post below only indirectly. I'll comment.

there are some things that are obviously wrong, and some things that
are, well, not quite absolutely wrong.  Regardless, this is not really a
forum for bashing PGP Inc and their product, although it seems like it
at times.

I'll just add what I know to your comments.


At 5:30 PM -0800 11/22/97, David Sternlight wrote:
And while you're introducing gratuitous issues unrelated to the
why did PGP disable RSA key generation in Free PGP 5.0, and remove RSA
compatibility completely from Free PGP 5.5

Very simple.  How can we with good conscience allow users to generate
which we don't feel meet our security standards?  We can't.  Case

This is a bogus explanation for two reasons:
1. PGP Inc. disabled RSA key generation in free PGP 5.0 but kept it in most
versions of pay PGP 5.0.

I agree that there are lot of questions here... 

2. Their "explanation" wasn't about RSA keys but the MD5 algorithm (see
below). Yet :
a. MD5 is a hash function not an encryption algorithm.

OK.  Actually there are concerns with PGP.  It is not with the RSA
algorithm, that remains strong, and it is not with the actual RSA
usage.  Rather, it is with the format of the 2.6 packets and

As I recall, the flaws are:

  * create an arbitrary ID, and therefore spoof a key server
  * create a key with the same fingerprint as another, under
    some conditions, and thus spoof the server/key.

For more detail, check out Gary's HIP-paper on  I should note that PGP Inc have
stated that all but one of the issues was known and fixed.

So there are problems with the old PGP system.  But, and it's an
important but, these (key) problems only effect keyservers in general. 
As most people don't use key servers, this is not a tremendous problem,
and certainly not justification for dropping the old formats.  It is of
course more important to PGP Inc as their products use key servers

As to the MD5 weakness, yes, you are correct there: theoretical
weaknesses do not mean an unseemly dumping of the existing user base is


FP: 1189 4417 F202 5DBD  5DF3 4FCD 3685 FDDE on

<Prev in Thread] Current Thread [Next in Thread>