
PGP Unsafe?


Lead Storm
January 3rd, 2004, 02:11 AM
I saw an article on television saying that PGP versions 6 and later have a "hole" in them because RSA gave in to government pressure. It appears that "Uncle Sam" doesn't want "Terrorists™" to "Threaten National Security™". The hole supposedly allows the government to read PGP encrypted messages. Is this true? Has anybody heard of this?

Dead mAn Walkin
January 3rd, 2004, 11:48 AM
Doubtful to say the least. If the gov. wants something bad enough (e.g. to read an encrypted message) they will devise a way to do so. Encrypting is just another level of protection against little script kiddies. Every step is a step in the right direction.

If you need extra protection, you could register for a secure e-mail account and send your PGP encrypted message with a password on it, using the provider's encryption as well.
www.ziplip.com
That is the first one that comes to mind. It's free, so that is a bonus.

Rhadon
January 3rd, 2004, 01:23 PM
Well, if they talk about it on TV it's probably wrong ;).
No, honestly: I think that some versions of PGP following PGP 6.0 contained a backdoor for the government, because until then the software was open source, which means that you can download the source code, look for a backdoor and, if you're sure that it only does what it's supposed to do, compile it. Afterwards, there were some versions which were not open source, but at least version 8.0 was open source again, so that one should be clean.

If that doesn't make you feel safe, you can also use GnuPG (http://www.gnupg.org/index.html.en), a version of PGP which is written by some people for the sake of anonymity and not for a company, so the probability that someone has put pressure on them in order for them to implement a backdoor is rather low.

Rhadon
January 3rd, 2004, 03:15 PM
"If the gov. wants something bad enough (eg. to read an encrypted message) they will devise a way to do so."

They will try to find a way to do so, that's sure, but they will not necessarily succeed. Few people really know if they are able to decipher messages which are encrypted with algorithms that are called "secure" - I don't think they can unless the encryption program contains a backdoor. Why should they? There are many excellent cryptographers who want people to be able to stay anonymous and who think that these "secure" algorithms really are secure, so why should the cryptanalysts of government institutions be so much better? They have a lot of money, and money is always an advantage, but I don't think that it's enough.

Looking from a mathematical angle I can at least say that there are operations which are easy to do but hard to undo. In our case that would mean: without knowing the appropriate passphrase, it is easy to encrypt a message, but decrypting it is hard. Look at the following simple example (which has indeed something to do with cryptography): we have two large integers a and b which are prime. Multiplying them is easy and doesn't take much time. Let the result be c. If we now start from the opposite side and let c be given while a and b are unknown, it is a very time-consuming process to determine a and b from c.

In other words: there are problems for which there is no known efficient approach, i.e. even with computers that are many, many times as fast as those available today it will not be possible to solve them if the input for the problem (e.g. the number of decimal places for a and b in the example above) is more than just "a few". From my point of view, the only weak spot is whether or not there is a different, efficient approach, but why should people working for the government be more likely to find it than other cryptanalysts?

PHAID
January 3rd, 2004, 03:37 PM
I may be mistaken, but I remember an article I read some time ago that was about encryption programs, and they stated that the NSA does get a "master key" to any encryption program as a matter of national security.

There were a couple of guys who posted a program on the net and got nailed by the gov over it.
I am not sure but it may have been PGP.

Rhadon
January 3rd, 2004, 04:03 PM
Phaid, the thing with the "master key" reminds me of something with Windows. Are you sure it was about encryption programs? If so, a link to the article would help. The same thing applies to the end of your post which is a little vague IMHO.

PHAID
January 3rd, 2004, 04:33 PM
Here is a link in reference to the ability of the gov to get the "keys":
http://www.cdt.org/publications/pp_5.22.shtml/

I will have the story on the guys who got nailed as soon as I find it.

Here it is.

http://www.cypherspace.org/adam/timeline/

Nihilist
January 3rd, 2004, 05:31 PM
There is no such thing as a "master key" to most encryption software. They may have forced the companies to add a cryptographic weakness which would allow them to crack it, but a master key is a definite impossibility.

Rhadon
January 3rd, 2004, 05:56 PM
I'm not 100% sure, but I'd say that the first source you mention is obsolete. It's from 1999 and cryptography law has changed since then. As far as I know there are no more crypto regulations in the US. Apart from that, a backdoor in an open source program is likely to get removed rather fast, especially in non-commercial software.

I couldn't find the part about someone getting legal problems in the second source, but that's probably my own fault because I only had the time to skim through the text.

PHAID
January 3rd, 2004, 06:29 PM
Personally I think you're safe with the encryption programs unless the Feds have a real issue with you.
Most local cops probably don't have the skills to find simple hidden files, let alone encrypted ones.

The first link I posted was from a site that keeps up to date with the laws; I just shot a link to the first article I saw that related to the subject.

It was part 4 that talked about their hassles with the gov.

Flake2m
January 4th, 2004, 08:04 AM
While programming-wise PGP may be 99% secure, it isn't the programming that can make it insecure. The human element is often the weakest link in encryption. The person that sets the password has to remember it, or make sure someone else will remember it, so often they will make it short or something easy to remember such as a name or common quote. A bit of social engineering can go a long way in trying to retrieve a password.

Rhadon
January 4th, 2004, 10:42 AM
PHAID, I read part 4. It was about export regulations for crypto software, which have been repealed now in the US, so that's not an issue anymore today.

Voyager
January 8th, 2004, 02:30 AM
Some cryptographic algorithms have a feature called "key escrow" where a trusted entity (i.e. the government) maintains a set of encryption keys.

Under a key escrow system, the messages are encrypted to the recipient AND to the key which is held in escrow.

If the recipient ever loses his key (i.e. refuses to incriminate himself), the government can use their escrowed key.

PGP doesn't utilize key escrow technologies. The government's choice of key escrow technologies was the faulty and failed Clipper initiative.

I believe PGP is secure. Why do I believe this? Mostly because the source code to PGP is publicly available. It is difficult to hide in plain sight. However, Phil Zimmermann is also back at PGP Corporation now -- and Phil is no government bootlicker.

Jacks Complete
January 8th, 2004, 02:43 PM
I know that the later versions of PGP have a form of escrow, as it is used by one large company I know to encrypt the disc drives in case the laptops are stolen. The security team keeps an escrow copy, so data can be recovered. I think it is PGP 8 Corporate they use. They will have tested it for security before rolling it out, too.

Rhadon
January 8th, 2004, 04:19 PM
It may be possible for an administrator to set a rule that in every encryption process a certain key will be automatically added to the recipients. But that in no way means that PGP does that without this option being activated in the admin tool.

zyk43
January 8th, 2004, 07:38 PM
The American and allied governments have access to the most powerful computers in the world; any message they wanted to see they would be able to crack via brute force without a back door, unless you used some crazy key length...

Rhadon
January 8th, 2004, 08:24 PM
"the American and allied governments have access to the most powerful computers in the world, any message they wanted to see they would be able to crack via brute force"

One would guess! But this assumption is wrong. The reason is that the number of possible passwords grows exponentially with the number of characters in the password. Look at the following (fictional) example:

Let's assume that many years ago our dear feds wanted to attack a secure algorithm with brute force. They only had a computer with one single MHz, but they nevertheless found a comparatively efficient attack algorithm which could try 1,000,000 passwords per second. On average the correct password will be found after trying 50% of all possible passwords. If the password is composed of uppercase characters, lowercase characters, numbers and 20 signs like ".", ",", ":", "%", all in all 82 possible characters, they could find out all passwords with a length of ~7.21 characters or less if they let their brute force program run for one year.

Now let's assume that they have a much better computer today - with 1 ZHz = 1,000,000,000,000 MHz (!). How many characters may the password now have if the attack were to be worth it for them to let their supercomputer run for a whole year? Only ~13.48!

My PGP password has more than 50 characters. The expenses needed to find it out by a brute force attack would be tremendous! If they wanted to do it in one year they would need ~7.7*10^81 MHz if the above assumptions applied. Quite a lot :D.
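The arithmetic behind Rhadon's three figures (7.21, 13.48 and 7.7*10^81), and the later "29 years in 1 minute" estimate from the same poster, worked out as an added example that is not part of the thread. It assumes a 365-day year and reads "1 MHz" as one million password guesses per second, as the post does.

```python
import math

# Constructed assumptions, following the post: 365-day year, and one "MHz"
# means one million guesses per second.
SECONDS_PER_YEAR = 365 * 24 * 60 * 60
GUESSES_PER_MHZ = 1_000_000
ALPHABET = 26 + 26 + 10 + 20   # upper, lower, digits, 20 symbols = 82


def guesses_in_year(mhz):
    """How many passwords an attacker tries in one year at the given rate."""
    return mhz * GUESSES_PER_MHZ * SECONDS_PER_YEAR


def max_length_cracked_in_year(mhz, alphabet=ALPHABET):
    """Longest length L for which searching alphabet**L finishes within a
    year on average, i.e. after 50% of the keyspace has been tried."""
    keyspace = 2 * guesses_in_year(mhz)   # a year's guesses is half the space
    return math.log(keyspace) / math.log(alphabet)


def mhz_needed_for_length(length, alphabet=ALPHABET):
    """Rate (in 'MHz') needed to try half of alphabet**length in one year.
    alphabet**length is an exact Python int, so 82**50 is no problem."""
    average_guesses = alphabet ** length / 2
    return average_guesses / SECONDS_PER_YEAR / GUESSES_PER_MHZ


def years_to_minute_equivalent_mhz(desktop_mhz, years):
    """Rate of a machine that does in one minute what a desktop does in
    `years` years (the TV claim quoted later in the thread)."""
    minutes = years * 365 * 24 * 60
    return desktop_mhz * minutes


if __name__ == "__main__":
    print("1 MHz for a year cracks up to  %.2f chars" % max_length_cracked_in_year(1))
    print("1e12 MHz for a year cracks up to %.2f chars" % max_length_cracked_in_year(10**12))
    print("50 chars in a year needs %.1e MHz" % mhz_needed_for_length(50))
    nsa = years_to_minute_equivalent_mhz(5000, 29)
    print("'29 years in a minute' box: %d MHz, cracks up to %.2f chars"
          % (nsa, max_length_cracked_in_year(nsa)))
```

Each extra character multiplies the keyspace by 82, so a million-fold faster machine buys only about three more characters of password length.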

streety
January 8th, 2004, 08:29 PM
Yes they would but by the time that happened you would be long dead from old age.

I guess I should have refreshed the thread before replying. You have made my point far better than I did, Rhadon.

zyk43
January 8th, 2004, 08:47 PM
Ahh, but you are making several assumptions here.

1. You are assuming that your passwords are 100% random collections of letters and numbers. Because such a password becomes a weakness in itself (in so far as it's almost impossible to remember) this is almost always not the case, and anyone trying to crack your password will have a good starting point based on standard character patterns present in various languages.

2. How has the government been able to so successfully foil all recent terrorist attempts against the Allies if they can't crack messages which I'm sure the terrorists encrypt using PGP (these guys might not like us, but they aren't stupid!)?

Although I do agree that with what today is accepted as a standard computer, available to all but the highest levels of government, a PGP encrypted message is virtually uncrackable.

It would be interesting to see how long this thing would take... 360 teraflops:

http://www.research.ibm.com/resources/news/20031114_bluegene.shtml

And if they are publicly announcing this machine you can be sure the American military will have one several times as powerful hidden away somewhere in secret, that's if they haven't already got a quantum computer, which if they have, even a 6,000,000 character password wouldn't be secure.

PHAID
January 8th, 2004, 08:49 PM
There was a show on "The Learning Channel" about the NSA and their computers.
The one bit they had said you can have the fastest computer made at that time running calculations to break codes and it would take it 29 years to do what their supercomputer can do in 1 minute.
Granted you never really know if they are giving facts or if it is propaganda.
Look at satellite images that are public: 1m resolution, and that is from the old images that they let you see from outdated tech.
Big brother does watch you.

Nihilist
January 8th, 2004, 09:23 PM
There is absolutely no way that the NSA can crack most good encryption algorithms out there today (AES, Blowfish, PGP) in any reasonable amount of time. Read "Applied Cryptography" by Bruce Schneier (it's on the FTP) if you want more details. Essentially, assuming computer power increased by 10 times, and the quality of decryption algorithms increased by a similar factor, it would still take them about 100 billion years to decrypt a PGP'd message.

Rhadon
January 9th, 2004, 02:50 AM
PHAID: Even if they have such computers (which I don't believe they do), these computers will still be significantly slower than the one I used in my above calculation - assuming that computers that we use today have 5000 MHz on average, their computers will have 76,212,000,000 MHz. Much less than the 1,000,000,000,000 MHz I used. And it can only attack short passwords.

It's true what Nihilist says, at least if they don't have your private key. My calculations above were based on the assumption that they have your private key.

Rhadon
January 9th, 2004, 09:59 AM
zyk43: I don't think that point (1) significantly lowers the time needed for the attack. Even if testing every 1000th password were sufficient, that wouldn't make that much difference. To point (2) I only say: 9/11. One could counter by saying that this attack was planned and executed by the US government itself to enable deep interventions into their citizens' rights (e.g. the Patriot Act), but that's another story which shall not be discussed in this topic.

zyk43
January 10th, 2004, 12:49 PM
I agree that no matter what, it would take a fair while (be that weeks or years), and on reflection an obvious terrorist tactic would be to send out 50 encrypted messages at once, only 1 of which was relevant. This would mean that even if they could decrypt in a few weeks/months, by the time they had decrypted the whole lot it would be too late... safety in numbers, so to speak.

On a slight side note, I don't know if petaflops used in the measurement of supercomputers can directly relate to the MHz used to measure desktop computer speeds. The raw MHz value isn't always the most accurate measure of computing power. This is illustrated by AMD, whose Athlon processors perform as well as Pentium 4s even though they run slower.

Anthony
January 10th, 2004, 04:09 PM
You're right - MHz and flops are not directly related like that, but it's not massively far off. Run a benchmark on your own machine and see.

If you sent 50 messages, they wouldn't have to break them all. They'd be attacking your key, once they've found it (the first message decrypts) they can use it to decrypt all the others, just like you would.

Mr-Eckted
January 10th, 2004, 07:13 PM
What if you were to encrypt your information (if it were a message, not a file) with PGP, and then used another program like Blowfish to encrypt the text that PGP gave you? You could do this several times, with different programs. Not only would it take them however many more times to crack it, but they wouldn't know which type of encryption you used, and where.

vulture
January 11th, 2004, 07:45 PM
Another way to attack encryption is to try to decipher messages whose content you can roughly guess or already know.

For example, the Allies would have planes shooting down German buoys, because the Germans would send the message "buoy destroyed" using Enigma encryption.

After numerous attempts on this message, it was finally cracked.

zyk43
January 12th, 2004, 05:21 PM
"If you sent 50 messages, they wouldn't have to break them all. They'd be attacking your key, once they've found it (the first message decrypts) they can use it to decrypt all the others, just like you would."

Good point, assuming you used the same key for each...

vulture
January 12th, 2004, 06:51 PM
"Good point, assuming you used the same key for each..."

How the hell is the intended recipient going to decipher that?

Please refrain from making pointless posts. Postwhores are rather disliked.