Mailing List Archive

On Fri, 7 Jan 2000, Simpson, Sam wrote:

> I note that the GnuPG web page says: "Better functionality than
> PGP and some security enhancements.". Apart from more algorithms
> & better ability to select algorithms, what does this mean????

* You have the real source code and everone is able to build the
executable from this source. I am not sure whether you can do
this with the PGP books and noone can be sure that these books
reflect the actual PGP executables delivered by NAI.
* Stores secret keys in a memory area which will not be swapped
out to the disk.
* All operations involving confidential material (session keys, some
hashs, secret keys, intermediate results) are althoug done in this
memory area.
* It can use ElGamal for signing by creating all ElGamal keys in a
secure way. Uses this algorith even for DSA keys, just in case.
I think PGP now uses the same Lim-Lee algorithm now and I am not
sure whether this is at all an advantage.
* It never uses any temporary files.
* Has quite a lot of features you expect from a Unix tool.

> I have constructed a (very) small table to compare the algorithms
> available, it's at: http://www.scramdisk.clara.net/compare.html

Please get this Skipjack out of the list. It whish I never wrote this
module - it used to be just an experiment.

As I only have this 6.5.1 pgp here and it even refuses to create keys
with a message saying it can't open the keyrings (although strace show
that it indeed opens them), I don't know what this SHA-1x is.

--
Werner Koch at guug.de www.gnupg.org keyid 621CC013

Boycott Amazon! - http://www.gnu.org/philosophy/amazon.html

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Werner,

Thanks for the quick answers. See points in-text below.

> -----Original Message-----
> From: Werner Koch [mailto:wk@gnupg.org]
> Sent: 07 January 2000 11:48
> To: s.simpson@mia.co.uk
> Subject: Re: Comparison of GnuPG & NAI/PGP features.
>
>
> On Fri, 7 Jan 2000, Simpson, Sam wrote:
>
> > I note that the GnuPG web page says: "Better functionality
than
> > PGP and some security enhancements.". Apart from more
algorithms
> > & better ability to select algorithms, what does this
mean????
>
> * You have the real source code and everone is able to build
the
> executable from this source. I am not sure whether you can
do
> this with the PGP books and noone can be sure that these
books
> reflect the actual PGP executables delivered by NAI.

AFAIK the NAI distribution is just a build of the normal files.
You can't do a byte-by-byte comparison of the executable though
because VC++ includes date/time stamps etc.

> * Stores secret keys in a memory area which will not be swapped
> out to the disk.

A sexy feature, to be sure. I know the NAI/PGP Windows version
also includes this feature, but I'm not sure about the UNIX
versions...

> * All operations involving confidential material (session keys,
some
> hashs, secret keys, intermediate results) are althoug done in
this
> memory area.
> * It can use ElGamal for signing by creating all ElGamal keys
in a
> secure way. Uses this algorith even for DSA keys, just in
case.
> I think PGP now uses the same Lim-Lee algorithm now and I am
not
> sure whether this is at all an advantage.
> * It never uses any temporary files.
> * Has quite a lot of features you expect from a Unix tool.
>
> > I have constructed a (very) small table to compare the
algorithms
> > available, it's at:
http://www.scramdisk.clara.net/compare.html
>
> Please get this Skipjack out of the list. It whish I never
wrote this
> module - it used to be just an experiment.

ok.

> As I only have this 6.5.1 pgp here and it even refuses to
create keys
> with a message saying it can't open the keyrings (although
> strace show
> that it indeed opens them), I don't know what this SHA-1x is.

This is a "double-width" version of SHA-1, as per Hash Algorithm
ID 4 in [RFC2440]. PGP v5.x allowed the verification of
signatures using this scheme and some CKT versions allow you to
employ this hash as part of a signature.


Regards,

Sam Simpson
Communications Analyst
- -- http://www.scramdisk.clara.net/ for ScramDisk hard-drive
encryption & Delphi Crypto Components. PGP Keys available at the
same site.

-----BEGIN PGP SIGNATURE-----
Version: 6.0.2ckt http://members.tripod.com/IRFaiad/

iQA/AwUBOHXWCu0ty8FDP9tPEQJzTgCg5kbvgMIuZeUPF9DGJQIq0hVjF8oAoLfQ
eug6CilRpWeUSkeydaKfxOOR
=onlg
-----END PGP SIGNATURE-----

On Fri, 7 Jan 2000, Simpson, Sam wrote:

> AFAIK the NAI distribution is just a build of the normal files.
> You can't do a byte-by-byte comparison of the executable though
> because VC++ includes date/time stamps etc.

This should not be a problem if you know the excat version of all
tools. It is possible to ignore those timestamps when comparing the
objects and executables. The gcc build process does the same.

Has this ever been done or is the process of creating the PGP
executables supervised by independent experts and if, who is it and
where can I get there certificate?

<paranoid-mode> Why are employees of NAI suggesting to better use
the original version and not the international (scanned) version
(happend at the Systems/Munich this fall)?
</>

> A sexy feature, to be sure. I know the NAI/PGP Windows version
> also includes this feature, but I'm not sure about the UNIX
> versions...

I have not seen something like this when I installed it on a
MS-Windows box. Maybe they silently installed this device driver;
however, I was not asked to reboot :-)

> This is a "double-width" version of SHA-1, as per Hash Algorithm
> ID 4 in [RFC2440]. PGP v5.x allowed the verification of

This is not an OpenPGP algorithm. It is marked as reserverd for
experimental use and there is not description available.



--
Werner Koch at guug.de www.gnupg.org keyid 621CC013

Boycott Amazon! - http://www.gnu.org/philosophy/amazon.html

On Sat, 8 Jan 2000, L. Sassaman wrote:

> Not that I use it, but what exactly is wrong with it? Has there been a
> successful cryptanalysis, or are you just wary of anything NSA?

Either Biham or Shamir found a design weekness within a day after the
NSA released the code.

It is only 80 bits whereas the other algorithms all use 128 bit keys.

It is not very fast.

And there is no defined algorithm identifier for it in OpenPGP. You
noticed the message about experimental algorithms GnuPG prints for it?

--
Werner Koch at guug.de www.gnupg.org keyid 621CC013

Boycott Amazon! - http://www.gnu.org/philosophy/amazon.html

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> -----Original Message-----
> From: L. Sassaman [mailto:rabbi@quickie.net]
> Sent: 11 January 2000 22:24
> To: s.simpson@mia.co.uk
> Cc: gnupg-users@gnupg.org
> Subject: Re: Comparison of GnuPG & NAI/PGP features.
>
> On Sat, 8 Jan 2000, Werner Koch wrote:
>
> > On Sat, 8 Jan 2000, L. Sassaman wrote:
> >
> > > Not that I use it, but what exactly is wrong with it? Has
> there been a
> > > successful cryptanalysis, or are you just wary of anything
NSA?
> >
> > Either Biham or Shamir found a design weekness within a day
> after the
> > NSA released the code.
>
> I didn't realise that.

All the Biham / Shamir results on SkipJack are available at:
http://www.cs.technion.ac.il/~biham/Reports/SkipJack/

I think everyone expected SkipJack to be broken after the initial
success, but it would appear that it's actually quite
strong...NSA have a habit of (look at DES, DSA etc) producing
algorithms that are VERY good at doing the job they were designed
for, but can't be extended easily.

SkipJack was meant to protect data with 80-bit keys and it does
this job well - if you change the algorithm at all then you
dramatically weaken it.

AFAIK, there are no attacks better than brute-force on
SkipJack-proper.

> > It is only 80 bits whereas the other algorithms all use 128
> bit keys.
> >
> > It is not very fast.
> >
> > And there is no defined algorithm identifier for it in
OpenPGP. You
> > noticed the message about experimental algorithms GnuPG
> prints for it?
>
> I was aware of the other points... I just wanted to know if you
were
> against it because it ws just generally sucky, or because of
> some large, particular problem. I don't plan on using it either
case... :)

My main reservation is that the 80-bit key length is considered
marginal at best. I can see no reason to recommend SkipJack over
3DES for example....


Regards,

Sam Simpson
Communications Analyst
- -- http://www.scramdisk.clara.net/ for ScramDisk hard-drive
encryption & Delphi Crypto Components. PGP Keys available at the
same site.

-----BEGIN PGP SIGNATURE-----
Version: 6.0.2ckt http://members.tripod.com/IRFaiad/

iQA/AwUBOHxyMO0ty8FDP9tPEQKciACgnLh22n+dtY6NDxe1jtCQn1YmluYAoI14
3g/Pw2v7TM7Kl66DrKMy835V
=8N5+
-----END PGP SIGNATURE-----