On Mon, 23 May 2005 12:12:28 +0800, Chan Yong Wei wrote: > Forgive me if I seem to come across as being pedantic; but PGP > itself isn't an encryption algorithim; it is a program that utilises > encryption algorithims like AES/DSA to encode/decode stuff.
You are, of course, correct. I wasn't thinking clearly when I posted that, apparently. :-) > [...] it would be difficult to slip in any back doors into the code > undetected. Difficult to slip them into the code, but not necessarily the algorithm. I'm not entirely up to speed on the provenance of AES or DSA, but if they came out of someplace as "black boxes", like DES did from IBM (with unknown amounts of "assistance" from "black" agencies), then it's entirely possible the algorithm has inherent back doors. > I don't really understand the math behind it all, but to my knowledge > it involves factoring large numbers into their constituent primes or > something like that. That's the "direct" approach to many current cryptosystems. There may well be other approaches, though. For example, if "someone" knows of a particular mathematical weakness in the algorithm, that weakness can be exploited, with or without specialty hardware. An example of such a weakness might be that for primes of the form (2^k - 1) the algorithm degenerates in some way that reduces the problem space the attacker must search. TTYL, DougF KG4LMZ