Is PGP dead? I would say so! But it is still suffcient to keep stuff semi private from most people.

Check out this article:

As described earlier, PGP "bootstraps" into a conventional single-key encryption algorithm by using a public key algorithm to encipher the conventional session key and then switching to fast conventional cryptography. So let's talk about this conventional encryption algorithm. It isn't the DES.

The Federal Data Encryption Standard (DES) used to be a good algorithm for most commercial applications. But the Government never did trust the DES to protect its own classified data, because the DES key length is only 56 bits, short enough for a brute force attack. Also, the full 16-round DES has been attacked with some success by Biham and Shamir using differential cryptanalysis, and by Matsui using linear cryptanalysis.

The most devastating practical attack on the DES was described at the Crypto '93 conference, where Michael Wiener of Bell Northern Research presented a paper on how to crack the DES with a special machine. He has fully designed and tested a chip that guesses 50 million DES keys per second until it finds the right one. Although he has refrained from building the real chips so far, he can get these chips manufactured for $10.50 each, and can build 57000 of them into a special machine for $1 million that can try every DES key in 7 hours, averaging a solution in 3.5 hours. $1 million can be hidden in the budget of many companies. For $10 million, it takes 21 minutes to crack, and for $100 million, just two minutes. With any major government's budget for examining DES traffic, it can be cracked in seconds. This means that straight 56-bit DES is now effectively dead for purposes of serious data security applications.

A possible successor to DES may be a variation known as triple DES, which uses two DES keys to encrypt three times, achieving an effective key space of 112 bits. But this approach is three times slower than normal DES. A future version of PGP may support triple DES as an option.


If you read the other article I posted he believes that the NSA can break 1024 bit in almost real time!!!! PGP is what 56 bit I think?


This part is CRAZY!

Although he has refrained from building the real chips so far, he can get these chips manufactured for $10.50 each, and can build 57000 of them into a special machine for $1 million that can try every DES key in 7 hours, averaging a solution in 3.5 hours. $1 million can be hidden in the budget of many companies.

A $10.50 chip can break PGP in a second!


I remember reading about some guy that clustered a whole bunch of regular office computer, loaded his custom software and was able to breal DES in a day or so with his crypto team!



[edit on 3-9-2004 by boosted]

Aside from computers, I think the human brain should be considered as a very formidable opponent in the war against encryption. People build the encryption in the first sense, so it would be logically to summise that a person could then break the encryption. Even systems that seem totally incompromiseable, like Quantum Encryption.

The human brain is possible of 500 trillion calculations per second. 1.5 times the combined processing power of all 500 machines on Top 500 list of supercomputers. With a comprehensive supercluster, and a team of highly efficient code-breakers, I wouldn't be surprised if the Government could crack anything that's currently available, even if it seems impossible to us.

I can imagine the Government 'poaching' those at the top end of encryption programs and companies and using them to work on decoding methods too.

Mor

Yes They Can Crack Codes.

NSA You bet your A** they can. Find a disgruntled ex UUNET employee and ask that question. There are a few obscure things though. CALEA is a 1994 law ("Communications Assistance to Law Enforcement Act") to force a massive reworking of the U.S. telephone infra-structure so that the
government can intrinsically wiretap it. Its called the FBI Digital Telephony Act. It is a domestic extension of ECHELON.

I remember when 64 bit keys came out and right there on internet explorer you had to check a box saying you would not export it. hmm not there anymore

i adimit that i know nothing of encription but could you not increase the number of posible keys greatly by just dubble or tripple encripting stuff. i think the increase would be exponesahl.

Since the RSA algorithym was developed the NSA demands that backdoors are built into all encrytpion software.
The developer who designed PGP was taken to trial by the government
on some type of national security charge for releasing PGP to the public without review by the NSA not exact on all of this but the government was not happy.


geo

Originally posted by slick
I was just wondering what your thoughts were on whether or not the government can actually crack the various encryption programs that are out there today.

Do you think they can? If so how? Bruteforcing? And what about intelligence agencies outside the US, such as in the UK for example.

Ive been reading quite a few books recently about the matter, and most assume that the government can brute force such algorithms quite quickly now rendering them useless, and was just wondering if you guys think theres any truth in that....

Funny that this topic should come up... I am currently working with some new technologies that make encryption cracking "impractical" to even attempt and have investors interested in the product in California as well as other potentials overseas.. I am "not" a troll .. Just thought I would mention to this article.. :

NO... it will soon be impractical for the government to even attempt to break your encrypted articles as well as you being able to break theirs... I designed this technology to end this bullsh&* practice of "pretending" to not be able to crack encryption codes greater than 1024 bits long within a few days and will enjoy seeing the chaos ensue when governments can no longer access a private persons records...

BTW .. the law states that all encryptions allowed overseas from USA "Must" have a central key given to the feds for "legaal" reasons.. (suuuuure)

Originally posted by geocom
Since the RSA algorithym was developed the NSA demands that backdoors are built into all encrytpion software.

Sure it is, but thats only commercial software. I've worked on multiple encryption programs that I can testify have been secure, seeing as how I compiled them myself.

Originally posted by StrataFire
NO... it will soon be impractical for the government to even attempt to break your encrypted articles as well as you being able to break theirs... I designed this technology to end this bullsh&* practice of "pretending" to not be able to crack encryption codes greater than 1024 bits long within a few days and will enjoy seeing the chaos ensue when governments can no longer access a private persons records...

I'd be very interested in your utility, is it open source? what was it compiled on and using? Did you design it from the foundation up? because thats ALOT of work my friend, it took a team of us to breakdown the AES 256 bit algorithm even though it was open source. How can you be sure your algorithm is 100% secure has it been tested on multiple platforms using different methods of cracking? (Hybrid attacks mainly). How will this bring about chaos the government maintains the records not vice versa.

Never say never. Every single company or person who has ever openly touted their creations as uncrackable or unhackable is always proven wrong in very public and humiliating ways. Making those claims just makes the rewards for the crackers all the more sweet when they pull of what was claimed to be impossible.

Originally posted by alternateheaven
Never say never. Every single company or person who has ever openly touted their creations as uncrackable or unhackable is always proven wrong in very public and humiliating ways. Making those claims just makes the rewards for the crackers all the more sweet when they pull of what was claimed to be impossible.

I'm aware if this was directed towards me. What I meant by secure was not 'uncrackable' but not containing a backdoor. Just so you know cracking is a part of my profile, we build, test, maintain and crack our own programs

im sure they couldent crack the pig-latin encryption!

I would say current encryptions base on backdoors and other possible ways to circle crypted files and must remember human is the weakest link on such matters. In general level people do mistakes even while having most bulletproof safes, but some observation might give wanted codes and access. In hard cases i think still used more rough approach but basically code is get from human not by using super computer to break it.
512bit encryption cannot be breaked for a while even if whole globe has unite matrix to break it, cant back my words cause dont have current mathematic facts, but read about it few years ago and then current capacity wasnt even near.

Only fool would try to ram trough frontgate if theres other options.

Well the Government has a law see; that anyone programming and making a crypt/decrypt program has to allow a way for them to decipher it. They claim this is to help fight terrorism. So these programs sold to the public are not secure. Uncle Sam has the key be sure of that. If they can't decipher it they simply pass a law for cryptography see? Why crack a code they got a key to? You wouldn't believe how many laws the gov has like this, to get wired or tapped into things.

On a side note in order to get things passed like this you first have to have terrorism and national security laws and laws to back up other laws convenient heh? Everything now is against the NSA like it's a seperate living breathing corporate entity. So what do you see going on around you right now? You see terrorism and WTC bombing etc. It all fits nicely wouldn't you say? If they can't get laws passed well then they create a way. Create chaos and wars, blow up WTC, kill you and your family, kick your dog, burn your house down, put the ashes in a burried dungeon under lock and key and then bury the dungeon with the key. rofl this probably isn't to far from the real truth. The gov should be called IMH for short, with a big iron door with a slit in it that says "Insert Money Here".

Good point Sean

I remember watching a program on BBC (I think) a few years ago about computer encryption programs.
It was a real eye opener. One of the guys they interviewed had actually developed an encryption program and had freely distributed it. He was prosecuted and forced to cease and desist any further distribution. I was surprised by this as, in essence, what it amounts to is a denial of an individuals privacy by our own governments (well, one more form of it anyway).
So, in summary, encryption is only to be allowed if the "authorities" are provided with a key. That makes the exercise pointless as they are precisely the kind of rogues who most wouldn't trust with sensetive information anyway

You know some forms of encryption are illegal to export to other countries.
As if you can stop anyone in the world anywhere from actually getting anything off the internet..uh-huh.

But if my buddy the doctor over in Belgium can crack encryption between patients, I'm sure the governments of the world have no problems at all.

If you have private data you wish to hide from their eyes, I suggest buffering 10 minutes of blowjobs and anal sex before and after your data, nobody will sit through more than 5 minutes of that before ejaculating and embarassingly closing the file afraid they will be caught watching it.


[edit on 29-3-2005 by Legalizer]

So to be protected, you must build you're own encryption.... like someone I know, he built his own firewall. So if you're an expert, and you don't buy or distribute you're product to anyone, government can't have any key in there and so you can go in the government computers and they'll must use brute force to go throught you're firewall.

Yes, and unless you have an early version of PGP consider it open to the NSA.

That said a one time pad with something physical is basically uncrackable - think of templates to sit over say pages from the Bible that pulls out the words. You would have to know what book, what pages and have the pad - not crackable but also not too practical from an electronic standpoint.... Change the book every month and it gets even harder....

We use this to communicate orders via ham radio sites.... (oops, cover blown...)

If you want total security your best bet is a cipher key document using a library file that you encrypt and send then the other person decodes and using a system based on the subject line of the e-mail to add a repeating deviation in the library file. and on top of this you should word your communique in double speak that is apparent to the recipient but is utterly innocuous to anyone else

can the government crack encryption?

Sure they can, and don't need no stinking "super secret computer" to do it either.
We, errrr, scratch that, they have been able to crack encryptions for the past decades. The subnet programs utilized today, are simply works of encryption-breaking art.




seekerof

Well, think about it this way.

Half the of ex-hackers out there turn to the 'Jedi' after so many years and work for the government. So, i'd say, yes, the government does know about your plan to blow up your neighbors backyard tree that's been shedding leaves on your soil all year round