Leonard Rosenthol on Sun, 27 Aug 2000 16:11:36 -0400 (EDT)



RE: [PLUG] PGP ADK Vulnerability.


At 3:04 PM -0400 8/27/00, Charles Stack wrote:
What is particularly disturbing to me is that people are calling the
inclusion of ADKs a design oversight or a bug.  It is neither.

I think you've definitely been looking for too many black helicopters lately - there is no smoking gun here.



I also find
it disturbing that NAI already has a solution to the problem (as if they
knew it would surface sooner or later).

What gave you the impression that they "already had a solution"? Because they got the fix out quickly?



I am as equally appalled that nobody external to NAI caught this issue until
now (when was PGP 5.5 released?).  It's clear that we can no longer trust NAI
or any other proprietary security provider to honestly be concerned with our
privacy.  The only alternative is the open sourced versions.  But, we've
seen how well that worked as GNUPGP also fell prey to the ADK issue.

Excuse me, but PGP IS "open source" - at least in the fact that the sources to PGP have been published (read publicly available) since day one!


Why did no one find this problem sooner - it's a VERY large base of code and I suspect that people were looking for holes in more obvious places first. I do think, however, that now that one "hole" was discovered, some people (perhaps yourself?!?!?) will start looking more closely at other areas of the code that haven't been as well reviewed.


I'd still love to know what the terms were regarding the "legalization" of
PGP in this country.  Obviously, key escrow was one item agreed upon. And,
given the known involvement of the players (RSADSI, Security Dynamics, NAI,
US Gov't (ala Al Gore and Janet Reno)), can we even trust RSA's own products
or even SSL to be protecting our interests?

Again, the sources for RSA's algorithms and their Crypto-C, Crypto-J and Crypto-SLL implementations are available, as are the sources for things like Crypto++, OpenSSL, etc. If you think there's a problem - go read the code!



RSADSI published a paper regarding an attack against Elliptic Curves (109
bit) and determined that EC's of the length can be cracked within a year.
Given that EC's algorithms typically work with keys that are 160 bits in
length, is this merely an attack on EC to maintain the RSA fiefdom?

I think it's simply the first finding against EC. EC is new enough that it's taken this long for someone to find out a way to crack small key length - though it's also been around long enough to show that it was HARD to find that hole.



Leonard
--
----------------------------------------------------------------------------
You've got a SmartFriend? in Pennsylvania
----------------------------------------------------------------------------
Leonard Rosenthol
Internet: leonardr@lazerware.com
America Online: MACgician
Web Site: <http://www.lazerware.com/>
FTP Site: <ftp://ftp.lazerware.com/>
PGP Fingerprint: C76E 0497 C459 182D 0C6B AB6B CA10 B4DF 8067 5E65


______________________________________________________________________
Philadelphia Linux Users Group - http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion - http://lists.phillylinux.org/mail/listinfo/plug