- Chosen Plain Text Attack
This is the next step up from the Known Plain Text Attack. In this
version, the cryptanalyst can choose what plain text message he wishes
to encrypt and view the results, as opposed to simply taking any old
plain text that he might happen to lay his hands on. If he can recover
the key, he can use it to decode all data encrypted under this key.
This is a much stronger form of attack than known plain text. The
better encryption systems will resist this form of attack.
A chip developed by the United States Government that was to be used
as the standard chip in all encrypted communications. Aside from the
fact that all details of how the Clipper chip work remain classified,
the biggest concern was the fact that it has an acknowledged trap door
in it to allow the government to eavesdrop on anyone using Clipper
provided they first obtained a wiretap warrant. This fact, along with
the fact that it can't be exported from the United States, has led a
number of large corporations to oppose the idea. Clipper uses an 80
bit key to perform a series of nonlinear transformation on a 64 bit
- DES (Data Encryption Standard)
A data encryption standard developed by IBM under the auspices of the
United States Government. It was criticized because the research that
went into the development of the standard remained classified.
Concerns were raised that there might be hidden trap doors in the
logic that would allow the government to break anyone's code if they
wanted to listen in. DES uses a 56 bit key to perform a series of
nonlinear transformation on a 64 bit data block. Even when it was
first introduced a number of years ago, it was criticized for not
having a long enough key. 56 bits just didn't put it far enough out of
reach of a brute force attack. Today, with the increasing speed of
hardware and its falling cost, it would be feasible to build a machine
that could crack a 56 bit key in under a day's time. It is not known
if such a machine has really been built, but the fact that it is
feasible tends to weaken the security of DES substantially.
I would like to thank Paul Leyland <firstname.lastname@example.org> for the following
information relating to the cost of building such a DES cracking
Efficient DES Key Search
At Crypto 93, Michael Wiener gave a paper with the above title. He
showed how a DES key search engine could be built for $1 million which
can do exhaustive search in 7 hours. Expected time to find a key from
a matching pair of 64-bit plaintext and 64-bit ciphertext is 3.5 hours.
So far as I can tell, the machine is scalable, which implies that a
$100M machine could find keys every couple of minutes or so.
The machine is fairly reliable: an error analysis implies that the mean
time between failure is about 270 keys.
The final sentence in the abstract is telling: In the light of this
work, it would be prudent in many applications to use DES in triple-
I only have portions of a virtually illegible FAX copy, so please don't
ask me for much more detail. A complete copy of the paper is being
snailed to me.
Paul C. Leyland <email@example.com>
Laszlo Baranyi <firstname.lastname@example.org> says that the full paper is available
in PostScript from:
- EFF (Electronic Frontier Foundation)
The Electronic Frontier Foundation (EFF) was founded in July, 1990, to assure
freedom of expression in digital media, with a particular emphasis on
applying the principles embodied in the Constitution and the Bill of Rights
to computer-based communication. For further information, contact:
Electronic Frontier Foundation
1001 G St., NW
Suite 950 East
Washington, DC 20001
+1 202 347 5400
+1 202 393 5509 FAX
- IDEA (International Data Encryption Algorithm)
Developed in Switzerland and licensed for non-commercial use in PGP.
IDEA uses a 128 bit user supplied key to perform a series of nonlinear
mathematical transformations on a 64 bit data block. Compare the
length of this key with the 56 bits in DES or the 80 bits in Clipper.
- ITAR (International Traffic in Arms Regulations)
ITAR are the regulations covering the exporting of weapons and weapons
related technology from the United States. For some strange reason,
the government claims that data encryption is a weapon and comes under
the ITAR regulations. There is presently a move in Congress to relax
the section of ITAR dealing with cryptographic technology.
- Key Escrow
In general, key escrow means that a copy of the secret key needed to
decrypt something is stored with a third party. This can be a notary or
a bank, who will keep it safely for you, in case you lose your key, or
when you die, in which case your relatives might need access to your
It is also common in business. When an employee has encrypted material
on his company computer, and he leaves, gets fired, or dies unexpectedly,
the company might not be able to decrypt the material. This can cost them
a lot of money, especially when the employee was working on something
very important. For this reason, a copy of the secret key is usually
kept by one or more supervisors, who can then decrypt the material if
necessary. To ensure that a supervisor does not abuse this power, the
key can be split amongst several persons, who have to work together to
restore the key.
Thanks to the US Clipper initiative, this term
is now more or less synonymous with government key escrow, where the
government keeps a copy of all the secret keys in the country. This allows
them to read all encrypted messages being sent, usually for reasons of
national security. Many people object to this type of key escrow, as it
can be used to invade people's privacy very easily.
- Known Plain Text Attack
A method of attack on a crypto system where the cryptanalyst has
matching copies of plain text, and its encrypted version. With weaker
encryption systems, this can improve the chances of cracking the code
and getting at the plain text of other messages where the plain text
is not known.
- MD5 (Message Digest Algorithm #5)
The message digest algorithm used in PGP is the MD5 Message Digest
Algorithm, placed in the public domain by RSA Data Security, Inc.
MD5's designer, Ronald Rivest, writes this about MD5:
"It is conjectured that the difficulty of coming up with two messages
having the same message digest is on the order of 2^64 operations, and
that the difficulty of coming up with any message having a given
message digest is on the order of 2^128 operations. The MD5 algorithm
has been carefully scrutinized for weaknesses. It is, however, a
relatively new algorithm and further security analysis is of course
justified, as is the case with any new proposal of this sort. The
level of security provided by MD5 should be sufficient for implementing
very high security hybrid digital signature schemes based on MD5 and
the RSA public-key cryptosystem."
MIPS stands for Million Instructions Per Second. Usually, this is an
indicator of the computer's brute force power. A MIPS-year is
approximately the amount of computing done by a 1 MIPS computer in one
- MPILIB (Multiple Precision Integer Library)
This is the common name for the set of RSA routines used in PGP 2.3a
and previous, as well as the international versions of PGP. It is
alleged to violate PKP's RSA patent in the USA, but is not otherwise
restricted in usage. It retains its popularity abroad because it
outperforms RSAREF and has fewer legal restrictions as well.
- NSA (National Security Agency)
The following information is from the sci.crypt FAQ:
The NSA is the official communications security body of the U.S.
government. It was given its charter by President Truman in the early
50's, and has continued research in cryptology till the present. The
NSA is known to be the largest employer of mathematicians in the
world, and is also the largest purchaser of computer hardware in the
world. Governments in general have always been prime employers of
cryptologists. The NSA probably possesses cryptographic expertise many
years ahead of the public state of the art, and can undoubtedly break
many of the systems used in practice; but for reasons of national
security almost all information about the NSA is classified.
- One Time Pad
The one time pad is the ONLY encryption scheme that can be proven to
be absolutely unbreakable! It is used extensively by spies because it
doesn't require any hardware to implement and because of its absolute
security. This algorithm requires the generation of many sets of
matching encryption keys pads. Each pad consists of a number of random
key characters. These key characters are chosen completely at random
using some truly random process. They are NOT generated by any kind of
cryptographic key generator. Each party involved receives matching
sets of pads. Each key character in the pad is used to encrypt one and
only one plain text character, then the key character is never used
again. Any violation of these conditions negates the perfect security
available in the one time pad.
So why don't we use the one time pad all the time? The answer is that
the number of random key pads that need to be generated must be at
least equal to the volume of plain text messages to be encrypted, and
the fact that these key pads must somehow be exchanged ahead of time.
This becomes totally impractical in modern high speed communications
Among the more famous of the communications links using a one time pad
scheme is the Washington to Moscow hot line.
- PEM (Privacy Enhanced Mail)
The following was taken from the sci.crypt FAQ:
How do I send encrypted mail under UNIX? [PGP, RIPEM, PEM, ...]?
[ Maintainer's note: The above paragraph is not fully correct, as MIT
PGP uses RSAREF as well now. ]
Here's one popular method, using the des command:
cat file | compress | des private_key | uuencode | mail
Meanwhile, there is a de jure Internet standard in the works called
PEM (Privacy Enhanced Mail). It is described in RFCs 1421 through
1424. To join the PEM mailing list, contact email@example.com.
There is a beta version of PEM being tested at the time of this
There are also two programs available in the public domain for
encrypting mail: PGP and RIPEM. Both are available by FTP. Each has
its own news group: alt.security.pgp and alt.security.ripem. Each has
its own FAQ as well. PGP is most commonly used outside the USA since
it uses the RSA algorithm without a license and RSA's patent is valid
only (or at least primarily) in the USA.
RIPEM is most commonly used inside the USA since it uses the RSAREF
which is freely available within the USA but not available for
shipment outside the USA.
Since both programs use a secret key algorithm for encrypting the body
of the message (PGP used IDEA; RIPEM uses DES) and RSA for encrypting
the message key, they should be able to interoperate freely. Although
there have been repeated calls for each to understand the other's
formats and algorithm choices, no interoperation is available at this
time (as far as we know).
- PGP (Pretty Good Privacy)
The program we're discussing. See question 1.1.
- PKP (Public Key Partners)
A patent holding company that holds many public-key patents, including
(supposedly) the patent on public-key cryptography itself. Several of
its patents are not believed by some to be valid, including their
patent on RSA (which affects PGP).
- RSA (Rivest-Shamir-Adleman)
RSA is the public key encryption method used in PGP. RSA are the
initials of the developers of the algorithm which was done at taxpayer
expense. The basic security in RSA comes from the fact that, while it
is relatively easy to multiply two huge prime numbers together to
obtain their product, it is computationally difficult to go the
reverse direction: to find the two prime factors of a given composite
number. It is this one-way nature of RSA that allows an encryption key
to be generated and disclosed to the world, and yet not allow a
message to be decrypted.
This is the free library RSA Data Security, Inc., made available for
the purpose of implementing freeware PEM applications. It implements
several encryption algorithms, including (among others) RSA. MIT PGP
uses RSAREF's RSA routines to avoid the alleged patent problems
associated with other versions of PGP.
TEMPEST is a standard for electromagnetic shielding for computer
equipment. It was created in response to the fact that information can
be read from computer radiation (e.g., from a CRT) at quite a distance
and with little effort. Needless to say, encryption doesn't do much
good if the cleartext is available this way. The typical home
computer WOULD fail ALL of the TEMPEST standards by a long shot. So,
if you are doing anything illegal, don't expect PGP or any other
encryption program to save you. The government could just set up a
monitoring van outside your home and read everything that you are
doing on your computer.
Short of shelling out the ten thousand dollars or so that it would
take to properly shield your computer, a good second choice might be a
laptop computer running on batteries. No emissions would be fed back
into the power lines, and the amount of power being fed to the display
and being consumed by the computer is much less than the typical home
computer and CRT. This provides a much weaker RF field for snoopers to
monitor. It still isn't safe, just safer. In addition, a laptop
computer has the advantage of not being anchored to one location.
Anyone trying to monitor your emissions would have to follow you
around, maybe making themselves a little more obvious. I must
emphasize again that a laptop still is NOT safe from a tempest
standpoint, just safer than the standard personal computer.