PGP Problems with PMMail 2000 Pro - An Encryption Security Story

[Bill Wood]

Morning Gents,

You may find this interesting.

This is from memory, so some of what follows my not be
exact. In the late 70's (I think) Scientific American
published a fascinating article on public key
encryption and trap door codes.  It was the first I had
seen. The author was the owner of a small company who
provided these services. At the end of the article he
gave his public key and an encrypted message with the
challenge that he was offering a prize of $2,500 to
anyone could decipher this message, that,
statistically, should have been secure for hundreds of
years.

Well, to make a long story short, a computer engineer
from Israel claimed the prize in only 2 years. He had
access to significant computer resources, but that was
not why he cracked the message so soon. The problem was
that the code algorithm had an unsuspected periodic
autocorrelation that caused the code to collapse to a
much simpler one. The author got his money's worth
though because the extensive work done by the Israeli
allowed him to fix his algorithm.

As for the Israeli, when asked why he should devote so
much time for only $2,500, his answer was "... the ear
of the bull."

The point is that it is not always a trivial matter to
verify that code algorithims achieve the statistics
expected, and I would be careful that a code selected
for serious purposes have a pedigree and a lot of
documented testing or an accepted mathematical proof. I
seem to remember that there are some accepted standards
for these things.

w3

Bill Wood
Las Vegas, NV
wwwood@lv.rmci.net

Support Bilingual Education
 ...  English and Mathematics