PGP Insecurity

John Thompson pmmail@rpglink.com
Tue, 29 Aug 2000 20:01:25 -0500 (CDT)


On Fri, 25 Aug 2000 15:36:41 -0400 (EDT), Ralph Cohen wrote:

>After all the recent messages about PGP encryption, I thought that the
>following news item might be of interest.
>
>NEW YORK (AP) - E-mails that have been scrambled for confidentiality
>with a widely used program may not be secure at all, software company
>Network Associates Inc. said Thursday. The company confirmed that
>e-mails encrypted using its PGP (Pretty Good Privacy) software may be
>vulnerable to a sophisticated attacker. [clip...]

IIRC, the vulnerability exists only for PGP v5 and 6 and only because of
the "key escrow" backdoor that NA stuck in to satisfy the fearmongers.
Earlier versions of PGP are not affected.

On a related note: doesn't the US patent on the RSA encryption algorithm
expire next month?  Maybe this will spur more diversity/development in
public-key cryptography.


John (john.thompson@attglobal.net)