Charles Stack on Sun, 27 Aug 2000 15:05:05 -0400 (EDT)



RE: [PLUG] PGP ADK Vulnerability.


What is particularly disturbing to me is that people are calling the
inclusion of ADKs a design oversight or a bug.  It is neither.  I also find
it disturbing that NAI already has a solution to the problem (as if they
knew it would surface sooner or later).

I am as equally appalled that nobody external to NAI caught this issue until
now (when was PGP 5.5 released?).  It's clear that we can no longer trust NAI
or any other proprietary security provider to honestly be concerned with our
privacy.  The only alternative is the open sourced versions.  But, we've
seen how well that worked as GNUPGP also fell prey to the ADK issue.

I'd still love to know what the terms were regarding the "legalization" of
PGP in this country.  Obviously, key escrow was one item agreed upon. And,
given the known involvement of the players (RSADSI, Security Dynamics, NAI,
US Gov't (ala Al Gore and Janet Reno)), can we even trust RSA's own products
or even SSL to be protecting our interests?

RSADSI published a paper regarding an attack against Elliptic Curves (109
bit) and determined that EC's of that length can be cracked within a year.
Given that EC's algorithms typically work with keys that are 160 bits in
length, is this merely an attack on EC to maintain the RSA fiefdom?

Okay...Okay...I sound like a conspiracy nut.  But, I find the history of the
Clipper chip failure, the  legalization of PGP (including RSADSI's CEO's
large donations to the DNC), Carnivore, Echelon, and Promis more than a
little disturbing. The current administration is not concerned about your
privacy.  They attempt to put forth that face and the American people are
biting hook, line and sinker.  And, why is it that the VP's e-mail messages
are missing?  Does anybody really think that the "inventor of the internet"
doesn't know how to back up his e-mail? Or, that he doesn't know how to hire
competent people to do it for him?

Just do a search on Yahoo or another search engine and look for things like
"Encryption Policy Gore Clipper Executive Order" and then follow the links.
Yes, there are links back to the Bush and Reagan era.  Many links point to
conspiracy sites. But the number of documents surrounding Reno and the
Clinton administration on this topic are well worth the read (if even for
comical relief).



______________________________________________________________________
Philadelphia Linux Users Group       -      http://www.phillylinux.org
Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion  -  http://lists.phillylinux.org/mail/listinfo/plug