Newsgroups: sci.crypt
Path: msuinfo!caen!zaphod.mps.ohio-state.edu!think.com!paperboy.osf.org!osf.org!karger
From: karger@osf.org (Paul A. Karger)
Subject: Re: Pretty Good (tm) Privacy
Message-ID: <1992Jan24.190054.6059@osf.org>
Sender: news@osf.org (USENET News System)
Organization: Open Software Foundation
References: <15015@ncar.ucar.edu> <10541@lectroid.sw.stratus.com> <1992Jan24.144351.1471@osf.org> <10585@lectroid.sw.stratus.com>
Date: Fri, 24 Jan 1992 19:00:54 GMT
Lines: 22

In article <10585@lectroid.sw.stratus.com>, cme@ellisun.sw.stratus.com (Carl Ellison) writes:
|> 
|> With private key systems, the repeated use of a single key produces an
|> immediate cryptanalytic weakness in the system.  If one uses per-message
|> keys to counteract that weakness, then those keys have to be communicated
|> and that, too, provides a possible point of cryptanalytic entry.
|> 
|> The security threat implied with public key systems is that of spoofing --
|> quite real but of a different class from cryptanalysis because if a message
|> is intercepted that way, the proper recipient knows immediately that
|> something is wrong because he can no longer decrypt messages intended for
|> him.  If a private key system is broken by cryptanalysis, neither proper
|> party to the conversation knows that the break has occurred.

The security threats of public key systems are not just spoofing.  There is no guarantee that a particular public key system is not vulnerable to a large known plaintext attack.  Likewise, the accidental disclosure of your private key is just as serious in public key systems as in conventional systems.   

All I'm saying is that public key cryptography is an improvement on previous types of systems, but it is not a panacea.  Real use of cryptography is VERY different from theoretical use.  Cipher clerks make mistakes.  Machines get compromised.  All of these threats affect public key as well as conventional systems.

There was a paper in the 1982 IEEE Symposium on Security and Privacy by Gus Simmons of Los Alamos Labs.  He broke an RSA speech crypto system without doing ANY factoring at all!  The encryption was being used in a block mode, and speech is so redundant that he could decipher the encrypted speech without actually breaking the cipher!!!   The real-time demonstration at the conference was particularly impressive.

Using cryptography properly is HARD.  Just because you use public key doesn't make it all that much simpler to get it right!   Public key helps some, but you still have to be VERY careful to get everything right.
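
The block-mode failure Simmons demonstrated, as an added illustration that is not part of the original post: textbook (deterministic) RSA applied sample by sample to a constructed, highly redundant stream behaves like an ECB codebook, so the stream's structure survives encryption and, because anyone holds the public key, each block can be recovered by enumeration without touching the modulus. The toy parameters, sample values and function names are assumptions for illustration; the randomized variant shows the standard mitigation.

```python
import random

# Toy RSA parameters (constructed; far too small to be secure, chosen so the
# example runs instantly). Only the public half (N, E) is needed to encrypt.
P, Q = 10007, 10009
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent (Python >= 3.8)

def rsa_encrypt(m: int) -> int:
    return pow(m, E, N)                    # textbook RSA: deterministic

def rsa_decrypt(c: int) -> int:
    return pow(c, D, N)

# A constructed stand-in for digitised speech: 8-bit samples with the heavy
# repetition a real waveform has.
SAMPLES = [128, 130, 135, 130, 128, 120, 115, 120, 128, 130, 135, 130, 128]

def encrypt_block_mode(samples):
    """Encrypt every sample on its own, as the broken system did."""
    return [rsa_encrypt(s) for s in samples]

def equality_pattern(blocks):
    """Index of the first block equal to each block. The pattern is identical
    for plaintext and deterministic ciphertext: the redundancy leaks through."""
    return [blocks.index(b) for b in blocks]

def recover_without_factoring(ciphertext, block_space=256):
    """Enumerate every possible 8-bit block with the PUBLIC key and look the
    ciphertexts up. No factoring of N, no private key involved."""
    codebook = {rsa_encrypt(m): m for m in range(block_space)}
    return [codebook[c] for c in ciphertext]

def randomized_encrypt(samples, rng):
    """Hardened form: a fresh random pad in front of each block makes equal
    samples encrypt differently and defeats the codebook. The pad is only
    16 bits here to fit the toy modulus; real schemes (RSA-OAEP, hybrid
    encryption with a random session key) use a full-width pad."""
    return [rsa_encrypt((rng.randrange(1, 1 << 16) << 8) | s) for s in samples]

def randomized_decrypt(ciphertext):
    return [rsa_decrypt(c) & 0xFF for c in ciphertext]

def demo_hardened(seed=1):
    """Returns (round trip works, any ciphertext found in the 8-bit codebook)."""
    ct = randomized_encrypt(SAMPLES, random.Random(seed))
    codebook = {rsa_encrypt(m) for m in range(256)}
    return randomized_decrypt(ct) == SAMPLES, any(c in codebook for c in ct)
```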
