Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!seismo!uwvax!oddjob!gargoyle!ihnp4!ihnet!tjr
From: tjr@ihnet.ATT.COM (Tom Roberts)
Newsgroups: sci.crypt
Subject: Re: FIDONET Proposal - Public Key Encryption System
Message-ID: <562@ihnet.ATT.COM>
Date: Mon, 3-Aug-87 12:19:44 EDT
Article-I.D.: ihnet.562
Posted: Mon Aug 3 12:19:44 1987
Date-Received: Tue, 4-Aug-87 04:04:20 EDT
Organization: AT&T Bell Laboratories - Naperville, Illinois
Lines: 43
Keywords: Public Key Encryption

There are some problems with public key encryption which I do NOT believe have been adequately addressed:

1) How does a user KNOW that the correct (i.e. uncompromised) public key is being used? This is crucial to the entire system. If anybody (e.g. SYSOP) can modify the keys contained in the key server, they can then read the mail, or masquerade as someone else. Of course, the recipient will decrypt garbage, or the deception will eventually be discovered, but the damage has already been done.

2) How are keys selected? I know of no adequate method using pseudo-random number generators. Using the current date+time[+...] as a seed is hopeless. Using a "random" string entered by the user is better, but is still not perfect. Requiring the user to have a "true" random number generator is not feasible. Remember, the "seed space" for the key generator is the REAL "key space" which must be searched by a cracker; the 1000-bit secret key is merely an intermediate result determined by the key generator (but it, too, is vulnerable, so you need a good algorithm which makes the secret key uncomputable from the public key - see 3 below).

3) How secure is the algorithm (i.e. how "difficult" is it to determine the secret key, given the public key and the algorithm)? There have been recent advances described in the unclassified literature which affect the popular algorithms.
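The seed-space point in (2), as an added illustration that is not part of Roberts' post: a "secret key" derived from a PRNG seeded with a date+time value, and a defender's check of how large the search space really is. The one-day window of seeds, the 128-bit key length and the function names are assumptions of this example.

```python
import os
import random

# Constructed example, not from the original post.
# A key built by seeding a PRNG with date+time can only take as many
# values as there are seeds, however long the key itself is.

SECONDS_PER_DAY = 24 * 60 * 60  # assumed window: seeds are seconds within one day


def key_from_seed(seed: int, nbytes: int = 16) -> bytes:
    """The weak way: a deterministic PRNG seeded with a small integer.
    Whoever can enumerate the seeds can enumerate every possible key."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(nbytes))


def key_from_os_entropy(nbytes: int = 16) -> bytes:
    """The sound way: draw the key directly from the OS entropy source,
    so there is no small seed standing in for the key."""
    return os.urandom(nbytes)


def recover_seed(target_key: bytes, seed_space: range):
    """Defender's audit: re-derive the key from the seed space alone.
    Returns (seed, trials) if found, else (None, trials)."""
    trials = 0
    for seed in seed_space:
        trials += 1
        if key_from_seed(seed, len(target_key)) == target_key:
            return seed, trials
    return None, trials


def effective_key_bits(seed_space_size: int, key_bits: int) -> int:
    """The search space is min(seed space, key space), in bits (floor log2)."""
    return min(seed_space_size.bit_length() - 1, key_bits)


if __name__ == "__main__":
    weak = key_from_seed(12345)  # 12345 = assumed seconds-since-midnight seed
    print("seed recovered:", recover_seed(weak, range(SECONDS_PER_DAY)))
    print("effective bits, time seed:", effective_key_bits(SECONDS_PER_DAY, 128))
    print("effective bits, os.urandom:", effective_key_bits(2 ** 128, 128))
```

A 128-bit key drawn from a one-day window of seeds costs about 2^16 trials to re-derive, which is the point that the seed space, not the key length, sets the real key space.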
Public key encryption (or any type of encryption) can make the reading of mail by non-authorized people non-trivial. A general, system-wide implementation of any type of system is also non-trivial, even difficult. Key management is where most systems fall down; contrary to statements made in the "popular" press, public key techniques DO NOT solve the problems, but merely move them to a different arena. The level of "non-trivialness" depends heavily upon system design and implementation; strong algorithms do not necessarily make strong systems - much more is involved.

Note the danger: users tend to believe that encryption systems are invulnerable (cf. all of the anecdotes about WW2, in which German and Japanese systems were utterly broken, but they retained their blind belief they were secure). It is entirely possible that a moderately-strong system will be WORSE than no system, because it will engender a false sense of security in the users.

Tom Roberts
ihnp4!ihnet!tjr