The PGP Attack FAQ

PGP is the most widely used hybrid cryptosystem around today. There have been AMPLE rumours regarding its security (or lack there of). There have been rumours ranging from PRZ was coerced by the Gov't into placing backdoors into PGP, that the NSA has the ability to break RSA or IDEA in a reasonable amount of time, and so on. While I cannot confirm or deny these rumours with 100% certainty, I really doubt that either is true. This FAQ while not in the 'traditional FAQ format' answers some questions about the security of PGP, and should clear up some rumours...

Brief introduction

There are a great many misconceptions out there about how vulnerable Pretty Good Privacy is to attack. This FAQ is designed to shed some light on the subject. It is not an introduction to PGP or cryptography. If you are not at least conversationally versed in either topic, start with the Crash course on cryptography, and the sci.crypt FAQ.

PGP is a hybrid cryptosystem. It is made up of 4 cryptographic elements: It contains a symmetric cipher (IDEA), an asymmetric cipher (RSA), a one-way hash (MD5), and a random number generator (Which is two-headed, actually: it samples entropy from the user and then uses that to seed a PRNG). Each is subject to a different form of attack.

Closing comments

I have presented factual data, statistical data, and projected data. Form your own conclusions. Perhaps the NSA has found a polynomial-time (read: fast) factoring algorithm. But we cannot dismiss an otherwise secure cryptosystem due to paranoia. Of course, on the same token, we cannot trust cryptosystems on hearsay or assumptions of security. Bottom line is this: in the field of computer security, it pays to be cautious. But it doens't pay to be un-informed or needlessly paranoid. Know the facts.

Thank You's (in no particular order)

PRZ, Collin Plumb, Paul Kocher, Bruce Schneier, Paul Rubin, Stephen McCluskey, Adam Back, Bill Unruh, Ben Cantrick,Jordy, Galactus, the readers of sci.crypt and the* groups

List of questions

The symmetric cipher

The asymmetric cipher

The one-way hash

The pseudo-random number generator (PRNG)

Practical attacks

What if...