>
References - (1) is pp. 1-25 of (2), all that's needed for Quiz 2.

1. http://www.csc.gatech.edu/~copeland/6086/pgp/Intro%20to%20Crypto1-25.pdf

2. http://www.csc.gatech.edu/~copeland/6086/pgp/Intro%20to%20Crypto.pdf

3. http://www.csc.gatech.edu/~copeland/6086/pgp/pgp_timeline.html

>I have some general questions about PGP (I looked in the manual, but I didn't 
>see the answer).
> 
>- Why does PGP use Diffie Hellman/DSS instead of using RSA? 
---------------------
You only need to establish a secret key, to encrypt the session key
actually used to encrypt the message.  Page 150 in the text (sec. 5.4.2)
explains how Diffie Hellman can be used with published public numbers. 

The public key is g^Sa mod p, g, and p.  The sender picks a random number
Sb, computes Kb = (g^Sa)^Sb mod p and uses this to encrypt the random
number used for the session key, Ks.  He sends g^Sb mod p along with the
message.  The recipient knows Sa (his private key), so he can compute Kb =
(g^Sb)^Sa mod p and use this to decrypt the session key, Ks, which is then
used to decrypt the message.

Some interesting points to note:

1. This DSS technique is evidently easier to implement than RSA, or it is
done to avoid the RSA patent (3).

2. While we say for simplicity that "the message is encrypted with the
public key," actually the message is encrypted with a one-time random
number, Ks. 

Ks is encrypted by a key, Kb, that depends on the random number Sa picked
by the sender for that particular message. The sender has to give the
recipient g^Sa mod p so that they can compute Kb and decrypt Ks.  Ks and Kb
will be different for each message you receive even if your "Public Key" is
constant.

>=============================
>- PGP allows you to put multiple recipients for a message when you decrypt
>it.. How does this work? When the same message is encrypted to multiple
>recipients, the ciphertext gets longer.. So is it possible that the
>message is encrypted with each private key and somehow concatenated
>together?
>------------------------
Messages are encrypted with a session key.  The session key is then
encrypted with the recipient's public key. See fig. 1.4 on p. 17 of (1).
If there are multiple recipients, the message part does not have to be
repeated.  Only another session key encrypted with the new recipient's
public key has to be added for each additional recipient.
===============

>-I also thought this was interesting.. On the "Introduction to
>Cryptography" pdf, p. 45, it mentions that MD5 has been almost broken and
>should not be used.. Is our book outdated about this?
>
------------  
Evidently.  From p.45 of (2).
http://www.csc.gatech.edu/~copeland/6086/pgp/Intro%20to%20Crypto.pdf

"The message digest algorithm used by older versions of PGP is the MD5
Message Digest Algorithm, placed in the public domain by RSA Data Security,
Inc. MD5 is a 128-bit hash algorithm. In 1996, MD5 was all but broken by a
German cryptographer, Hans Dobbertin. Although MD5 was not completely
broken at that time, it was discovered to have such serious weaknesses that
no one should keep using it to generate signatures. Further work in this area
might completely break it, allowing signatures to be forged. If you don't
want to someday find your PGP digital signature on a forged confession, you
might be well advised to migrate to the new PGP DSS keys as your preferred
method for making digital signatures, because DSS uses SHA as its secure hash
algorithm."
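The two answers above (Diffie-Hellman wrapping of the one-time session key Ks, and one extra wrapped Ks per additional recipient rather than a second copy of the message) can be checked in a few lines of code. The following is an added illustration, not code from the mailing-list reply or from PGP itself. It assumes a small constructed group (P = 2^127 - 1, g = 5, nothing like a real PGP key size), a SHA-256 "KDF" to turn the shared number Kb into a wrapping key, a SHA-256 counter keystream standing in for the real symmetric cipher, and an 8-byte key ID (hash of the public value) so the recipient can find its own slot; all of those are stand-ins chosen for the example.

```python
"""Toy model of PGP's DH/DSS session-key wrapping and multi-recipient packets.

Illustration only: the group parameters, KDF, stream cipher and key-ID scheme
below are constructed stand-ins, not the real PGP formats or sizes.
"""
import hashlib
import secrets

# Constructed toy group (NOT a real PGP group). The recipient's public key is
# (g^Sa mod p, g, p) as described in the reply above.
P = 2**127 - 1
G = 5
KEY_BYTES = 16


def gen_keypair():
    """Recipient picks private Sa and publishes g^Sa mod p."""
    sa = secrets.randbelow(P - 3) + 2            # 2 <= Sa <= p-2
    return sa, pow(G, sa, P)


def key_id(pub):
    """Assumed 8-byte identifier so a recipient can find its key slot."""
    return hashlib.sha256(pub.to_bytes(16, "big")).digest()[:8]


def _kdf(shared):
    """Assumed KDF: turn the shared number Kb into a 16-byte wrapping key."""
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()[:KEY_BYTES]


def wrap_session_key(pub_a, ks):
    """Sender: random Sb, Kb = (g^Sa)^Sb mod p, Ks encrypted under KDF(Kb).
    Returns (key id, g^Sb mod p, wrapped Ks); g^Sb travels with the message."""
    sb = secrets.randbelow(P - 3) + 2
    kb = pow(pub_a, sb, P)
    wrapped = bytes(x ^ y for x, y in zip(ks, _kdf(kb)))
    return key_id(pub_a), pow(G, sb, P), wrapped


def unwrap_session_key(sa, eph, wrapped):
    """Recipient: Kb = (g^Sb)^Sa mod p gives the same wrapping key, so Ks is recovered."""
    kb = pow(eph, sa, P)
    return bytes(x ^ y for x, y in zip(wrapped, _kdf(kb)))


def _stream_xor(ks, data):
    """Toy symmetric cipher (SHA-256 counter keystream). Only acceptable because
    Ks is fresh for every message, which is exactly the point made above."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(ks + i.to_bytes(4, "big")).digest()
        out += bytes(x ^ y for x, y in zip(data[i:i + 32], block))
    return bytes(out)


def encrypt_message(plaintext, recipient_pubs):
    """One body under a one-time Ks, plus one wrapped Ks per recipient.
    The body is never repeated; only the key list grows."""
    ks = secrets.token_bytes(KEY_BYTES)
    return {
        "body": _stream_xor(ks, plaintext),
        "keys": [wrap_session_key(pub, ks) for pub in recipient_pubs],
    }


def decrypt_message(sa, pub_a, packet):
    """Find the slot made for this recipient, unwrap Ks, decrypt the body.
    Returns None if no slot was wrapped to this public key."""
    mine = key_id(pub_a)
    for kid, eph, wrapped in packet["keys"]:
        if kid == mine:
            ks = unwrap_session_key(sa, eph, wrapped)
            return _stream_xor(ks, packet["body"])
    return None


def packet_size(packet):
    """Bytes on the wire: body plus (8-byte id + 16-byte g^Sb + 16-byte Ks) per slot."""
    return len(packet["body"]) + len(packet["keys"]) * (8 + 16 + KEY_BYTES)


if __name__ == "__main__":
    (sa, pa), (sb, pb) = gen_keypair(), gen_keypair()
    msg = b"constructed sample message for the toy PGP packet"
    one, two = encrypt_message(msg, [pa]), encrypt_message(msg, [pa, pb])
    print(packet_size(one), packet_size(two), decrypt_message(sb, pb, two) == msg)
```

Running it shows the body length is identical for one or two recipients and the packet grows by a fixed 40 bytes per added recipient, matching the answer that only another encrypted session key is appended. A second message to the same public key produces a different g^Sb and a different wrapped Ks, which is the "Ks and Kb will be different for each message" point from the first answer.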