Xref: sparky sci.crypt:6464 alt.security.pgp:462
From: mkag...@lynx.dac.northeastern.edu (michael kagalenko)
Subject: discussion desired
Organization: Northeastern University, Boston, MA. 02115, USA
Date: Thu, 7 Jan 1993 00:28:20 GMT
I'd appreciate greately your enlightened opinions on the following article.
(disclaimer : I have no qualification in the Great Science of
Cryptology(tm) ; I'm just posting someone's e-mail)
About using the electronic signature for protection of
The analysis of PGP ver.2.0 program.
THE MOSCOW STATE UNIVERSITY named after m.V. Lomonosov
THE MATHEMATICAL CRYPTOGRAPHY PROBLEMS LABORATORY
The MSU mathematical cryptography problems laboratory
employeers with some addition specialists were executed the
preliminary analysis of PGP ver.2.0 program.
The preliminary study of working and program source code
analysis result in following PGP features and problems:
1. The common character problems
- the sequence of random numbers has strong prevalences on
bytes (up to 0.05 ... 0.1 on material of 10000 byte) and strong
correlation dependence between contiguous bytes;
- the program doesn't check it's own integrity, so it can be
infected by "virus" which intercept confidential keys and
passwords used for their protection and save them onto magnetic
- the program has not optimal exponentiation algorithm in
GF(P) field, when P - prime number, which result in low
2. The RSA algorithm realization problems
- the prime numbers reception using in this program (R and q
in RSA algorithm) permits not less than on two order to reduce
the labour-intensiveness of factorization; with 256 bit blocks
of data lenght it is possible to execute the cryptanalysis in
- before using RSA the program executes compression and block
encryption that positively affects on the common stability
3. The electronic signature problems
- for signature calculation the program originally executes
hashing of file into number of given length (256, 512 or 1024 bit),
but hashing function does not corresponds the ISO recommendations;
- when considering the hashing function as the automatic device
without output, it is enough simply possible to construct the
image of reverse automatic device and with using the blanks in
text files (or free fields in some standard formats as in DBF),
to compensate the hashing function at changed file to former
Thus, it is possible to forge the electronic signature
without analysis of RSA algorithm.
4. The block encryption algorithm problems
- when executing analysis on plaintext and ciphertext the
linear correlation dependences with encryption key were founded
(0.01 and more degree);
- also the effective method of decreasing security which
reduces the order of time necessery to key definition in two
times in comparison with exhaustive search of all keys (i.e.
algorithm has the labour-intensiveness which is equal the root
square from labour-intensiveness of the exhaustive search algorithm)
have been found.
It is recommended to use encryption with 1024 bit key length.
The using of electronic signature is not recommended and
requires the additional study.
The block encryption algorithm has temporary stability.
The hashing function should be reduce in conformity with ISO
The using of PGP program in actual version is undesired.
The MSU mathematical cryptography
problems Laboratory Manager
Dr. Sidelnikov V.M.