> References - (1) is pp. 1-25 of (2), all that's needed for Quiz 2.
1. http://www.csc.gatech.edu/~copeland/6086/pgp/Intro%20to%20Crypto1-25.pdf
2. http://www.csc.gatech.edu/~copeland/6086/pgp/Intro%20to%20Crypto.pdf
3. http://www.csc.gatech.edu/~copeland/6086/pgp/pgp_timeline.html

>I have some general questions about PGP (I looked in the manual, but I didn't
>see the answer)..
>
>- Why does PGP use Diffie Hellman/DSS instead of using RSA?
---------------------
You only need to establish a secret key, to encrypt the session key actually used to encrypt the message. Page 150 in the text (sec. 5.4.2) explains how Diffie Hellman can be used with published public numbers.

The public key is g^Sa mod p, g, and p. The sender picks a random number Sb, computes Kb = (g^Sa)^Sb mod p and uses this to encrypt the random number used for the session key, Ks. He sends g^Sb mod p along with the message. The recipient knows Sa (his private key), so he can compute Kb = (g^Sb)^Sa mod p and use this to decrypt the session key, Ks, which is then used to decrypt the message.

Some interesting points to note:

1. This DSS technique is evidently easier to implement than RSA, or it is done to avoid the RSA patent (3).

2. While we say for simplicity that "the message is encrypted with the public key," actually the message is encrypted with a one-time random number, Ks. Ks is encrypted by a key, Kb, that depends on the random number Sa picked by the sender for that particular message. The sender has to give the recipient g^Sa mod p so that they can compute Kb and decrypt Ks. Ks and Kb will be different for each message you receive even if your "Public Key" is constant.

>=============================
>- PGP allows you to put multiple recipients for a message when you decrypt
>it.. How does this work? When the same message is encrypted to multiple
>recipients, the ciphertext gets longer.. So is it possible that the
>message is encrypted with each private key and somehow concatenated
>together?
>------------------------
Messages are encrypted with a session key. The session key is then encrypted with the recipient's public key. See fig. 1.4 on p. 17 of (1). If there are multiple recipients, the message part does not have to be repeated. Only another session key encrypted with the new recipient's public key has to be added for each additional recipient.

===============
>- I also thought this was interesting.. On the "Introduction to
>Cryptography" pdf, p. 45, it mentions that MD5 has been almost broken and
>should not be used.. Is our book outdated about this?
>
------------
Evidently. From p. 45 of (2), http://www.csc.gatech.edu/~copeland/6086/pgp/Intro%20to%20Crypto.pdf :

"The message digest algorithm used by older versions of PGP is the MD5 Message Digest Algorithm, placed in the public domain by RSA Data Security, Inc. MD5 is a 128-bit hash algorithm. In 1996, MD5 was all but broken by a German cryptographer, Hans Dobbertin. Although MD5 was not completely broken at that time, it was discovered to have such serious weaknesses that no one should keep using it to generate signatures. Further work in this area might completely break it, allowing signatures to be forged. If you don't want to someday find your PGP digital signature on a forged confession, you might be well advised to migrate to the new PGP DSS keys as your preferred method for making digital signatures, because DSS uses SHA as its secure hash algorithm."
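The Diffie Hellman session-key exchange from the first answer and the per-recipient session-key packets from the second, as an added worked example that is not part of the original message or of PGP's code. It assumes a constructed toy group (p = 2^127 - 1, g = 2), a SHA-256 XOR keystream as a stand-in for the symmetric cipher, and a hashed key ID so a recipient can find its own packet; the Kb = (g^Sa)^Sb = (g^Sb)^Sa mod p computation and the "encrypt the body once, add one wrapped Ks per recipient" layout are what the answers describe.

```python
import hashlib
import secrets

# Constructed toy parameters (not PGP's real group): p = 2^127 - 1 is prime, g = 2.
P = (1 << 127) - 1
G = 2
KEY_BYTES = 16  # group elements and session keys fit in 16 bytes here


def keygen():
    """Recipient picks private Sa; the public key is g^Sa mod p (with g and p)."""
    sa = secrets.randbelow(P - 2) + 1
    return sa, pow(G, sa, P)


def key_id(pub):
    """Assumed label so a recipient can locate its packet (PGP uses a key ID)."""
    return hashlib.sha256(pub.to_bytes(KEY_BYTES, "big")).digest()[:8]


def xor_cipher(key, data):
    """Stand-in symmetric cipher: XOR with a SHA-256 keystream (assumption only)."""
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt(message, recipient_pubs):
    """Sender: body encrypted once under a random session key Ks. For each
    recipient a fresh Sb gives Kb = (g^Sa)^Sb mod p; Ks wrapped under Kb,
    plus g^Sb mod p, is appended, so only the packet list grows."""
    ks = secrets.token_bytes(KEY_BYTES)
    packets = []
    for pub in recipient_pubs:
        sb = secrets.randbelow(P - 2) + 1
        kb = pow(pub, sb, P)                      # (g^Sa)^Sb mod p
        wrapped = xor_cipher(kb.to_bytes(KEY_BYTES, "big"), ks)
        packets.append((key_id(pub), pow(G, sb, P), wrapped))
    return packets, xor_cipher(ks, message)


def decrypt(sa, packets, body):
    """Recipient: find its packet, recompute Kb = (g^Sb)^Sa mod p, unwrap Ks."""
    mine = key_id(pow(G, sa, P))
    for kid, gsb, wrapped in packets:
        if kid == mine:
            kb = pow(gsb, sa, P)                  # same Kb from the other side
            ks = xor_cipher(kb.to_bytes(KEY_BYTES, "big"), wrapped)
            return xor_cipher(ks, body)
    raise ValueError("no session-key packet for this key")
```

Encrypting the same text twice to the same key yields different g^Sb and wrapped Ks values, which is the "Ks and Kb differ per message" point from the first answer.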