Welcome to Newsletter #5. I'm writing this newsletter because I've heard a troublesome rumor about PGP.
I have a friend, whom I'll call Bob. Bob has a practical interest in encryption. He has some programming experience, but he is not very knowledgeable about the technical aspects of encryption. Bob became acquainted with Don, who works in the area of secure communications for the banking industry. I trust Bob insofar as his honesty is concerned. I don't know Don, so I cannot vouch for his integrity.
The point is, Bob tells me that Don swears that PGP has a back door for the NSA. According to Bob, Don says this back door has existed since 1996, and that earlier versions of PGP are secure.
Now this troubles me, since I had trusted the integrity of PGP up to this point. Bear in mind that these allegations cannot be treated as established fact. But considering the source of the allegations, I cannot dismiss them as mere rumors.
Back to the specifics: while I don't have any more details than those mentioned above, I can speculate a bit. First, PGP is and has been open-source from its beginning. This tells me that there is no back door, per se, in the program itself. Second, the only major change I am aware of in PGP, circa 1996, that could so drastically affect its integrity is the introduction of the Diffie-Hellman public-key algorithm, accompanied by the CAST conventional encryption algorithm. In some PGP 5.x freeware versions, access to the older RSA keys was limited, or even eliminated. In all versions of PGP since that time, Diffie-Hellman and CAST are the default. Many of the more recent versions also support RSA keys, however.
Based on the above, I am suspicious of the Diffie-Hellman algorithm, at least as implemented in PGP. Perhaps this is just paranoia. While I have a little technical knowledge of the mechanics of encryption, I do not have the expertise to analyze the Diffie-Hellman algorithm for possible mathematical weaknesses. I attempted to find on the Web a technical review of the DH algorithm as used in PGP, but came up empty. Nevertheless, the possibility of a back door in the Diffie-Hellman algorithm concerns me enough that I will henceforth use RSA keys whenever possible, and I recommend that my readers do the same. If you have generated only DH/DSS keys, please now generate a set of RSA keys and send them to all of your contacts. Be sure when you generate RSA keys to make the size 2048 bits, the longest that standard versions of PGP allow. If your version of PGP offers you the choice, select the IDEA algorithm as your preference for conventional encryption instead of CAST.
If you are using a version of PGP that does not fully support RSA keys, you should immediately upgrade to a version that does. Free versions known to fully support RSA keys include 6.0.2ckt, 6.5.1i, and 6.5.1ckt. I know that the commercial version 6.5.2 has full RSA key support, and I believe that all or most commercial versions throughout the 5.x.x and 6.x.x series also fully support RSA keys. Most of the freeware US versions DO NOT fully support RSA keys.
I do not advocate revoking your DH/DSS keys. You may need to communicate with folks whose PGP version cannot use your RSA keys. DH/DSS is still better than no encryption, but be a bit wary. Encourage all your contacts to upgrade to RSA-enabled versions, and to then begin using only RSA keys where possible.
If any of you have more information regarding this alleged flaw, I would be most interested to hear from you.
Until next newsletter...
-------------------- Jim Saraske --------------------