PGP crackable? PGP secure?

PGP crackable? PGP secure?

Post by VOLKER KAEMMERE » Wed, 19 Feb 1997 04:00:00



Hi,

I have a question to experts about PGP or people, which have mentionable
Source about the security of PGP.

I am start to become busy with Security, Coding and PGP. So I am a
beginner of this topic.

I have two opinions.

One is readable under
http://www.arc.unm.edu/~drosoff/pgp/pgp.html#safety
  "Here's what NetGuide has to say about PGP's uncrackable algorithms:
  `There are special programs to crack encrypted e-mail, but PGP is
  designed so that, by some estimates, a computer using 1 billion chips,
  each far more powerful than any that exist today, would require 10
  trillion years to try all possible combinations generated by just one
  of the encryption algorithms used in PGP. There are other encryption
  programs available, but as Zimmermann asks rhetorically, "Which has
  the government most upset?' "

The other one is only a Information, which I got and says, that
 "You can do using DNA structures. It's a method strictly  
 biological/chemical. One guy, using transformed equation from
 informatic encription to biological structures like DNA, and prepared
 other liquids, probably solutions, mixed them, and only solution
 reacts. In two day he could find solutions for PDP key. The article was
 in Polish, in "Software", but probably it was just translated
 from DDJ (Dr somebody Journal - highly professional edition), about 1-2
 year ago."

Does anybody knows something exactly about this second source?
What I should know believe?

Both articles seems to be 1-2 years old, and in case of this
compareable. But how is the actual status of PGP, still euphorical?

Please send a copy of your post directly on my email-address.
Thanks for a discussion in advance.

With Regards

        Volker Kaemmerer

--
Commission of the European Community            
Joint Research Centre (JRC)                    
Environment Institute (TP 321)
I-21020 Ispra (VA), Italy

Volker Kaemmerer
Tel.:   (+39) 0332/78-9520 (from outside)
             6106,6055  (only inside of the JRC)
Fax:    (+39) 0332/78-5466

WWW:    http://java.ei.jrc.it/remgroup/volker/

 
 
 

PGP crackable? PGP secure?

Post by Boudewijn W. Ch. Viss » Wed, 19 Feb 1997 04:00:00



>Hi,
>I have a question to experts about PGP or people, which have mentionable
>Source about the security of PGP.
>I am start to become busy with Security, Coding and PGP. So I am a
>beginner of this topic.
>I have two opinions.
>One is readable under
>http://www.arc.unm.edu/~drosoff/pgp/pgp.html#safety
>  "Here's what NetGuide has to say about PGP's uncrackable algorithms:
>  `There are special programs to crack encrypted e-mail, but PGP is
>  designed so that, by some estimates, a computer using 1 billion chips,
>  each far more powerful than any that exist today, would require 10
>  trillion years to try all possible combinations generated by just one
>  of the encryption algorithms used in PGP. There are other encryption
>  programs available, but as Zimmermann asks rhetorically, "Which has
>  the government most upset?' "
>The other one is only a Information, which I got and says, that
> "You can do using DNA structures. It's a method strictly  
> biological/chemical. One guy, using transformed equation from
> informatic encription to biological structures like DNA, and prepared
> other liquids, probably solutions, mixed them, and only solution
> reacts. In two day he could find solutions for PDP key. The article was
> in Polish, in "Software", but probably it was just translated
> from DDJ (Dr somebody Journal - highly professional edition), about 1-2
> year ago."

(Dr Dobbs Journal).

AFAIK DNA computing is still vapourware. I don't know of a single
instance where it was used to break even a small cryptosystem.
I think it is still in the stage of "we believe that theoretically
it should be possible to...".

Quote:>Does anybody knows something exactly about this second source?
>What I should know believe?
>Both articles seems to be 1-2 years old, and in case of this
>compareable. But how is the actual status of PGP, still euphorical?

PGP is still the best you can get.

Boudewijn
--
+-------------------------------------------------------------------+

|Dep. of Applied Physics,Delft University of Technology |PGP-key    |
+-- my own opinions etc --------------------------------------------+

 
 
 

PGP crackable? PGP secure?

Post by Steve Gilha » Wed, 19 Feb 1997 04:00:00



> Hi,
> I have a question to experts about PGP or people, which have mentionable
> Source about the security of PGP.
[snip]
> The other one is only a Information, which I got and says, that
>  "You can do using DNA structures. It's a method strictly  
>  biological/chemical. One guy, using transformed equation from
>  informatic encription to biological structures like DNA, and prepared
>  other liquids, probably solutions, mixed them, and only solution
>  reacts. In two day he could find solutions for PDP key. The article was
>  in Polish, in "Software", but probably it was just translated
>  from DDJ (Dr somebody Journal - highly professional edition), about 1-2
>  year ago."
> Does anybody knows something exactly about this second source?
> What I should know believe?

The DNA compuation method has been used to solve trivial (i.e. pencil
and paper range) Travelling Salesman problems, essentially by massive
paralleism.  Currently the technology has not been proven for large
computations.  But it will always be easier to use longer RSA keys
than to crack them.

-- Personal mail to steve*windsong.demon.co.uk (for which PGP is preferred) --
Steve Gilham       |GDS Ltd.,Wellington Ho. |My opinions, not those of GDS
Software Specialist|East Road, Cambridge    |Corporation or its affiliates.

    uk.gdscorp.com |Tel:(44)1223-300111x2904|http://www.windsong.demon.co.uk/

 
 
 

PGP crackable? PGP secure?

Post by Jonathan Ry » Fri, 21 Feb 1997 04:00:00




> One is readable under
> http://www.arc.unm.edu/~drosoff/pgp/pgp.html#safety
>   "Here's what NetGuide has to say about PGP's uncrackable algorithms:
>   `There are special programs to crack encrypted e-mail, but PGP is
>   designed so that, by some estimates, a computer using 1 billion chips,
>   each far more powerful than any that exist today, would require 10
>   trillion years to try all possible combinations generated by just one
>   of the encryption algorithms used in PGP. There are other encryption
>   programs available, but as Zimmermann asks rhetorically, "Which has
>   the government most upset?' "

      This is out of date; powerful computers can crack low-quality PGP
keys in reasonable amounts of time.  Thus, we create larger and larger
keys.  We can keep on making the keys larger, and even though computers
will get faster, the encryption quality will stay ahead of the ability to
break it.

Quote:> The other one is only a Information, which I got and says, that
>  "You can do using DNA structures. It's a method strictly  
>  biological/chemical. One guy, using transformed equation from

      There is a theorem in computer science that all problems of a certain
difficulty level (called NP) are equivalent to each other.  If you can
solve one NP problem in a given amount of time, it only takes a tiny bit
more time to solve any other NP problem.  Breaking PGP codes is an NP
problem.  This scientist was working with another NP problem, finding the
shortest route that would hit a bunch of cities at least once. He solved
this problem using DNA, I can tell you more about it if you like.  So, in
principle, he can crack a PGP code. But, he solved a very small problem, so
it only works for very low-quality PGP codes, and scaling it to larger
sizes hasn't worked.  DNA computing is a long way from being able to solve
anything.

Maybe it was from Dr. Dobb's Journal.

--
"Ethical Relativity: The exact same universal laws are always true,
 and apply to you no matter what your frame of reference is."

 
 
 

PGP crackable? PGP secure?

Post by Ian Sutherlan » Sat, 22 Feb 1997 04:00:00



>       There is a theorem in computer science that all problems of a certain
> difficulty level (called NP) are equivalent to each other.

I think you mean NP-complete, not NP.  There's also a very
specific sense in which they're equivalent, and there are
multiple notions of equivalence.

Quote:> If you can
> solve one NP problem in a given amount of time, it only takes a tiny bit
> more time to solve any other NP problem.

"Tiny bit more" meaning "some amount of time polynomial in the
size of the problem description".  That can be somewhat less
than "tiny" in the colloquial sense ...

Quote:>  Breaking PGP codes is an NP
> problem.

Literally true, but breaking PGP codes is _not_, last I heard,
known to be NP-complete.  Saying something is merely NP doesn't
mean it's hard, since all deterministic polynomial time problems
are also NP.
--

Bell Labs, Naperville, IL       voice: (630)224-2250

Sans Peur

 
 
 

PGP crackable? PGP secure?

Post by Raymond Wilso » Tue, 25 Feb 1997 04:00:00




> >  Breaking PGP codes is an NP
> > problem.

> Literally true, but breaking PGP codes is _not_, last I heard,
> known to be NP-complete.  Saying something is merely NP doesn't
> mean it's hard, since all deterministic polynomial time problems
> are also NP.

To pin the tail on the donkey, so to speak, cracking PGP (and hence its
strength) relies on the algorithmic difficulty of prime factorising
large numbers. Currently (I believe) the best known prime factorisation
algorithm is O(n cubed). If someone were to find an algorithm capable of
prime factorisation in linear time then PGP would become about as secure
as Ceasars cipher!

Raymond.

 
 
 

PGP crackable? PGP secure?

Post by Michael Deind » Wed, 26 Feb 1997 04:00:00


J>       This is out of date; powerful computers can crack low-quality PGP
J> keys in reasonable amounts of time.  Thus, we create larger and larger
J> keys.

Well, there're estimates how long it would take to factor a 512-bit
RSA-modulus.  They're still far beyond "reasonable effort" for
ordinary people.  (And state-enemies have to worry about other
problems, too.  Like not borrowing a mobile-phone from your brother.)

J> Breaking PGP codes is an NP problem.

Uhh?!?  If you mean factoring the modulus, I'd be very interested to
see a reference to the proof, that factoring is in NP.  AFAIK
factoring is not in NP.

Have a nice day,
Michael
--
 Neither do I speak for anyone else, nor does anyone else speak for me!

IBM Germany -- Dev. Lab. -- SmartCard Software -- Cryptography & Security

 
 
 

PGP crackable? PGP secure?

Post by Colin A. Ree » Sun, 02 Mar 1997 04:00:00





> > >  Breaking PGP codes is an NP
> > > problem.

> > Literally true, but breaking PGP codes is _not_, last I heard,
> > known to be NP-complete.  Saying something is merely NP doesn't
> > mean it's hard, since all deterministic polynomial time problems
> > are also NP.

> To pin the tail on the donkey, so to speak, cracking PGP (and hence its
> strength) relies on the algorithmic difficulty of prime factorising
> large numbers. Currently (I believe) the best known prime factorisation
> algorithm is O(n cubed). If someone were to find an algorithm capable of
> prime factorisation in linear time then PGP would become about as secure
> as Ceasars cipher!

> Raymond.

        Actually, PGP also relies on the randomness of the numbers used to seed
the key generation.  Having looked at its random number generation, I
can assure you that whoever wrote it was at least slightly confused
about what constitutes randomness.  Therefor, an attack based on the
predictability of keys might be valid, and thus greatly decrease the
strength of the code.  (this is how netscape was cracked)  
        PGP seems to depend on system calls, the results of which are
predictable or correlated, to generate some of the randomness it needs,
which is worrisome.  It also does some wierd stuff with md5 to
"distribute" randomness.  I'm not sure how valid this is.  
        Anyway, randomness is a very difficult and obscure subject, so it's
what usually gets messed up in a cryptosytem.  Nonrandom keys can easily
ruin an otherwise good algorithm.  This is why I won't trust a
cryptographic program unless I or somebody I have reason to trust has
read the source carefully and fully undarstands everything it does.  (I
don't currently trust any system)

                                        -Colin

 
 
 

PGP crackable? PGP secure?

Post by Colin A. Ree » Mon, 03 Mar 1997 04:00:00








> >> > >  Breaking PGP codes is an NP
> >> > > problem.

> >> > Literally true, but breaking PGP codes is _not_, last I heard,
> >> > known to be NP-complete.  Saying something is merely NP doesn't
> >> > mean it's hard, since all deterministic polynomial time problems
> >> > are also NP.

> >> To pin the tail on the donkey, so to speak, cracking PGP (and hence its
> >> strength) relies on the algorithmic difficulty of prime factorising
> >> large numbers. Currently (I believe) the best known prime factorisation
> >> algorithm is O(n cubed). If someone were to find an algorithm capable of
> >> prime factorisation in linear time then PGP would become about as secure
> >> as Ceasars cipher!

> >> Raymond.
> >        Actually, PGP also relies on the randomness of the numbers used to seed
> >the key generation.  Having looked at its random number generation, I
> >can assure you that whoever wrote it was at least slightly confused
> >about what constitutes randomness.  Therefor, an attack based on the
> >predictability of keys might be valid, and thus greatly decrease the
> >strength of the code.  (this is how netscape was cracked)
> >        PGP seems to depend on system calls, the results of which are
> >predictable or correlated, to generate some of the randomness it needs,
> >which is worrisome.  It also does some wierd stuff with md5 to
> >"distribute" randomness.  I'm not sure how valid this is.
> >        Anyway, randomness is a very difficult and obscure subject, so it's
> >what usually gets messed up in a cryptosytem.  Nonrandom keys can easily
> >ruin an otherwise good algorithm.  This is why I won't trust a
> >cryptographic program unless I or somebody I have reason to trust has
> >read the source carefully and fully undarstands everything it does.  (I
> >don't currently trust any system)

> >                                        -Colin

> So why don't you present a patch for public scrutiny and possible
> incorporation into the PGP codebase?

because I have not been able to come up with a good source of random
numbers available on any computer.  Good in this case means transparent
to the user, uniformly ditributed and not correlated to any observable
data.  This could probably be done given special hardware (such as
measuring radioactive decay).  I did not mean to say that the people who
coded PGP had done a particularly bad job, it's just a very difficult
problem, usually overlooked, and at the moment I know of no good
solution.  In fact PGP does a better job than most in using keyboard
input for most of its randomness.  This does place a burden on the user
however, and PGP does other things, like preserving randseed.bin, that
are not so great.  

                             -Colin

 
 
 

PGP crackable? PGP secure?

Post by yoda » Mon, 10 Mar 1997 04:00:00


-----BEGIN PGP SIGNED MESSAGE-----



<snip>

Quote:>Actually, PGP also relies on the randomness of the numbers used to seed
>the key generation.  Having looked at its random number generation, I
>can assure you that whoever wrote it was at least slightly confused
>about what constitutes randomness.

Many are confused about that.  Can you give more details on why you
believe that the authors of PGP are among the confused?

Quote:>PGP seems to depend on system calls, the results of which are
>predictable or correlated, to generate some of the randomness it needs,
>which is worrisome.

Which calls are you referrring to?

Quote:>  It also does some wierd stuff with md5 to
>"distribute" randomness.  I'm not sure how valid this is.  

Using MD5, or any other cryptographically strong hash, is a pretty
standard method of distributing randomness.  What exactly did you find
weird?

Quote:>    Anyway, randomness is a very difficult and obscure subject, so it's
>what usually gets messed up in a cryptosytem.  Nonrandom keys can easily
>ruin an otherwise good algorithm.  

Very true.  Golberg and Wagner's much publicized Netscape attack is an
example.  They found predictability in session keys, and system calls
contributed to the weakness.  Such things can be done poorly.  Where do
you find that this is poorly done in PGP?

I don't mean to be disparaging, you may well have a valuable
observation.  You have not yet revealed it, however.  If you have found
a bug in PGP, please publicise it.  Can you cite the lines of code that
cause you unease?

<snip>

                                        -Colin
Yoda

~~~
This PGP signature only certifies the sender and date of the message.

Date: Sun Mar  9 06:01:38 1997 GMT

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMyJSQ05NDhYLYPHNAQEHDAf9F2xGG7eDX3AyzaOOKR/OZ/f/Rbtt/g+F
ZVxRbD3Dapcge2IlQQ+n2fGzfWa6AhjbS+AX379IVz1dGcZbek1FTBYtPrvWvVTE
VzbJVVSR4C03JULNkf9I5zEypR3h+ivXWY3uWnJDhRsvpedNjXn1VsFpivJUZmic
gr8sZWYSG1ABJe+/3g4/zPC3Ue/gvB26IVP+6hPF84Kb5TLQGwczaYbSL5ZHfKZh
VJh9/0eto4Zd1Z6E5/yO4WUrof16unrYhozXSzv1dIsxeEp/AffSe/HqhT8Itxpf
LZbjkWpEB4QxMvyEqoAuHSkfmI48LNzl+zCzbt0UTrNvxirsIM2j6Q==
=RRR+
-----END PGP SIGNATURE-----

 
 
 

PGP crackable? PGP secure?

Post by Colin A. Ree » Mon, 10 Mar 1997 04:00:00



> -----BEGIN PGP SIGNED MESSAGE-----



> <snip>

> >Actually, PGP also relies on the randomness of the numbers used to seed
> >the key generation.  Having looked at its random number generation, I
> >can assure you that whoever wrote it was at least slightly confused
> >about what constitutes randomness.

> Many are confused about that.  Can you give more details on why you
> believe that the authors of PGP are among the confused?

> >PGP seems to depend on system calls, the results of which are
> >predictable or correlated, to generate some of the randomness it needs,
> >which is worrisome.

> Which calls are you referrring to?

I thought there was somewhere where pgp called for system information
(number of processes running, how much cpu time they were using, current
time, etc.) and used that as random information.  The problem with that
is that some of it is stored (all pgp files are timestamped) and some of
it is either non-random or correlated with other stuff.  I can't find it
though, so it might not be in there.  Also, the way in which randomness
is estimated is odd.  You can't tell from a single number how random it
was!  However, the method used does seem conservative enough to work.  
Quote:

> >  It also does some wierd stuff with md5 to
> >"distribute" randomness.  I'm not sure how valid this is.

> Using MD5, or any other cryptographically strong hash, is a pretty
> standard method of distributing randomness.  What exactly did you find
> weird?

I hadn't seen it before, so it seemed odd.  It is provable that any
function of a random variable will be have at most the same randomness
as the original variable.  This should be obvious, However, usually
functions of random variables are less random.  The stirring might be
desirable in order to get a random variable with a more or less uniform
distribution, but like I said, I had't seen it before, and I haven't
seen a proof yet, so I suspect it.  (This is probably because I haven't
really been looking for one though.)
Quote:> >       Anyway, randomness is a very difficult and obscure subject, so it's
> >what usually gets messed up in a cryptosytem.  Nonrandom keys can easily
> >ruin an otherwise good algorithm.

> Very true.  Golberg and Wagner's much publicized Netscape attack is an
> example.  They found predictability in session keys, and system calls
> contributed to the weakness.  Such things can be done poorly.  Where do
> you find that this is poorly done in PGP?

> I don't mean to be disparaging, you may well have a valuable
> observation.  You have not yet revealed it, however.  If you have found
> a bug in PGP, please publicise it.  Can you cite the lines of code that
> cause you unease?

> <snip>

I never said I found anything specific that was wrong.  I just said that
the RNG was confusing to the point where I wonder if it is any good.  I
guess I should put myself at the top of the list of people are confused
about this, which is why I don't trust it.  When I manage to understand
it completely I'll either trust it or fix it until I do.  

                             -Colin

 
 
 

PGP crackable? PGP secure?

Post by Ian Sutherlan » Thu, 13 Mar 1997 04:00:00





> > >  Breaking PGP codes is an NP
> > > problem.

> > Literally true, but breaking PGP codes is _not_, last I heard,
> > known to be NP-complete.  Saying something is merely NP doesn't
> > mean it's hard, since all deterministic polynomial time problems
> > are also NP.

> To pin the tail on the donkey, so to speak, cracking PGP (and hence its
> strength) relies on the algorithmic difficulty of prime factorising
> large numbers.

Actually, last I heard, it was not known that cracking PGP required
factoring.  That's just the most obvious way.

Quote:> Currently (I believe) the best known prime factorisation
> algorithm is O(n cubed).

I assume that "n" here is the number being factored rather than the
number
of bits in the number, else primality testing would be in P, which is
not
known last I heard.

Quote:> If someone were to find an algorithm capable of
> prime factorisation in linear time then PGP would become about as secure
> as Ceasars cipher!

True, if by "linear time" you mean "linear in the number of bits in the
number".
Linear in the number itself is still exponential in the number of bits.

--

Bell Labs, Naperville, IL

Sans Peur

 
 
 

PGP crackable? PGP secure?

Post by Ian Sutherlan » Thu, 13 Mar 1997 04:00:00



> J> Breaking PGP codes is an NP problem.

> Uhh?!?  If you mean factoring the modulus, I'd be very interested to
> see a reference to the proof, that factoring is in NP.  AFAIK
> factoring is not in NP.

In Papadimitriou's _Computational Complexity_, he shows on
p. 222 that determining whether a number is prime or not is
in NP.  It follows trivially from that that factoring is in
NP (it's talked about elsewhere in the same book).  This
result is not obvious, but it is known.

--

Bell Labs, Naperville, IL

Sans Peur

 
 
 

PGP crackable? PGP secure?

Post by Boudewijn W. Ch. Viss » Fri, 14 Mar 1997 04:00:00




>> J> Breaking PGP codes is an NP problem.

>> Uhh?!?  If you mean factoring the modulus, I'd be very interested to
>> see a reference to the proof, that factoring is in NP.  AFAIK
>> factoring is not in NP.
>In Papadimitriou's _Computational Complexity_, he shows on
>p. 222 that determining whether a number is prime or not is
>in NP.  It follows trivially from that that factoring is in
>NP (it's talked about elsewhere in the same book).  This
>result is not obvious, but it is known.

I think there must be a mistake somewhere.
Your/Papadimitriou's statement would also imply that the Extended Riemann
Hypothesis is false, which would be -very- great news.

The RSA faq (http://www.rsa.com/rsalabs/faq/) also does not mention that
factoring is in NP.

Boudewijn
+-------------------------------------------------------------------+

|Dep. of Applied Physics,Delft University of Technology |PGP-key    |
+-- my own opinions etc --------------------------------------------+

To quote from a posting by Bob Silverman :

Subject:      Re: When a prime isn't a prime

Date:         1997/03/02

Newsgroups:   comp.security.pgp.tech,sci.crypt
[More Headers]


> Secondly: with
>respect, who cares what your opinions are?  Most number theorists seem
>to disagree with you.  If the Extended Riemann Hypothesis is true, and
>it seems very plausible, we will have a polynomial time primality proof.

Indeed. Let me point out however, that a P-Time algorithm, based on
Miller's test [i.e. find a primitive root less than 2 log^2 N; the bound given
by ERH] is SLOWER than the non-polynomial algorithms [Cohen-Lenstra-Bosma]
and also slower than Elliptic Curve methods, even though the latter is also
suspected to be polynomial time [it is O(log^6 N) if certain conjectures about
distribution of primes and P2's in short intervals are correct]

Quote:>However, those same number theorists will accept that until ERH is
>proved or disproved, their opinions will remain just that: opinions.

These opinions are based on strong heuristic arguments as well as
strong numerical evidence.

Quote:>And I will tell you a much easier way.  Get hold of ECPP or UBASIC's
>APRT-CL and examine how they can be used to prove primality of 256-bit
>primes with very little effort, of 1024-bit primes in a few hours and
>4096-bit primes with significant but not unreasonable effort (a few
>months on a few dozen machines).

I suspect Bosma's improvements to Cohen-Lenstra will make it faster
than ECPP on primes up to 4096 bits. I am not sure of the exact crossover.
It will, of course, be machine and implementation dependent.
--------- end quoted posting------

--
+-------------------------------------------------------------------+

|Dep. of Applied Physics,Delft University of Technology |PGP-key    |
+-- my own opinions etc --------------------------------------------+

 
 
 

PGP crackable? PGP secure?

Post by Ian Sutherlan » Fri, 14 Mar 1997 04:00:00




> >In Papadimitriou's _Computational Complexity_, he shows on
> >p. 222 that determining whether a number is prime or not is
> >in NP.  It follows trivially from that that factoring is in
> >NP (it's talked about elsewhere in the same book).  This
> >result is not obvious, but it is known.

> I think there must be a mistake somewhere.
> Your/Papadimitriou's statement would also imply that the Extended Riemann
> Hypothesis is false, which would be -very- great news.

I'm not sure what the mistake is, but I'm fairly sure it's not
in Papadimitriou.  Judging from your remark about the Extended
Riemann Hypothesis, it may be a terminological problem.  "NP",
as used by complexity theorists, does not stand for "NonPolynomial".
"NP" stands for "Nondeterministic Polynomial".  A problem being in
NP means it can be solved in polynomial time by a nondeterministic
Turing machine.  The class "P" is the class of problems solvable
in polynomial time by a _deterministic_ Turing machine.  A
problem being in NP doesn't mean it's _not_ in P: P is a subset
of NP.

Quote:> The RSA faq (http://www.rsa.com/rsalabs/faq/) also does not mention that
> factoring is in NP.

Can't help that :-)

--

Bell Labs, Naperville, IL

Sans Peur

 
 
 

1. PGP To Secure or not Secure???

OK, I have no technical expertise.  I would just like to know how good
this PGP program is.  If someone steals your computer and it has your
secret key on it.  How easy is it for them to decrypt your files?  I
assume without the key it is extremely difficult.

Thanks!!!

2. SmartDoc - help!

3. Is PGP 5.0 crackable?

4. Request: Info on hisoftc/devpack?

5. PGP crackable

6. Practical Peripherals V42bis Modem

7. PGP is crackable

8. Lots of Amiga questions?

9. vi and pgp (was: mutt & pgp 6.5.8)

10. Command Line PGP or PGP DLLs

11. PGP plugin 4.9.5 [PGP 7 crash fix and more] for Pegasus Mail released

12. PGP plugin 4.9.4 [improved PGP/MIME and QP handling] for Pegasus Mail released

13. PGP 8.0 Enterprise: PGP standards for key creation process