Can the NSA Crack GnuPG

Mercury Rising mercuryrising11 at gmail.com
Tue Feb 23 09:00:21 CET 2016


I saw his old disturbing post at:
<http://www.austinlinks.com/Crypto/break-pgp.html>
I am having a hard time believing it, but if Zimmerman did put in a
backdoor code in PGP and GnuPG is based on that, wouldn't it be compromised?
I would trust a multinational team of software engineers who have read the
source code after compiling that this is not true.

It says:


"NSA Can Break PGP Encryption"
------------------------------

"A lot of people think that PGP encryption is unbreakable and that the
NSA/FBI/CIA/MJ12 cannot read their mail. This is wrong, and it can be a
deadly mistake. In Idaho, a left-wing activist by the name of Craig
Steingold was arrested *one day* before he and others were to stage a
protest at government buildings; the police had a copy of a message sent by
Steingold to another activist, a message which had been encrypted with PGP
and sent through E-mail."

"Since version 2.1, PGP ("Pretty Good Privacy") has been rigged to allow
the NSA to easily break encoded messages. Early in 1992, the author, Paul
Zimmerman, was arrested by Government agents. He was told that he would be
set up for trafficking narcotics unless he complied. The Government
agency's demands were simple: He was to put a virtually undetectable
trapdoor, designed by the NSA, into all future releases of PGP, and to tell
no one."

"After reading this, you may think of using an earlier version of PGP.
However, any version found on an FTP site or bulletin board has been
doctored. Only use copies acquired before 1992, and do NOT use a recent
compiler to compile them. Virtually ALL popular compilers have been
modified to insert the trapdoor (consisting of a few trivial changes) into
any version of PGP prior to 2.1. Members of the boards of Novell,
Microsoft, Borland, AT&T and other companies were persuaded into giving the
order for the modification (each ot these companies' boards contains at
least one Trilateral Commission member or Bilderberg Committee attendant)."

"It took the agency more to modify GNU C, but eventually they did it. The
Free Software Foundation was threatened with "an IRS investigation", in
other words, with being forced out of business, unless they complied. The
result is that all versions of GCC on the FTP sites and all versions above
2.2.3, contain code to modify PGP and insert the trapdoor. Recompiling GCC
with itself will not help; the code is inserted by the compiler into
itself. Recompiling with another compiler may help, as long as the compiler
is older than from 1992."

"Distribute and reproduce this information freely. Do not alter it."
------------------------------

*"Hint*: This is a joke!"
------------------------------

*"WebMistress at quadralay.com <webmistress at quadralay.com>"*
Well I hope it was a joke! I went to an EFF meeting in San Francisco and
this big guy came up to me and said he had a program that would would break
PGP. Then Elvis left the building fast so I could not follow him fast
enough although I really tried. IMHO an agent of the Illuminati or its
branch arm, the NSA. Cast doubts into the strength of 4096 or larger keys.
I don't know how many prime numbers are possible between 2 bits (II binary
= decimal 3) and 4096 bits = decimal a google maybe???)  are possible. Now
multiply the two prime numbers of this size into a larger number then
reverse factor and find the two originating prime numbers.  Now here's a
question? If you had a chart showing every prime number multiplied by every
other prime number couldn't there be a database for every multiplied larger
number showing the possibilities of each of these prime number sets?  Some
of these larger numbers may only have one pair of numbers that would work.
AN ADVANCED Database program using array capabilities might help. How big
would this data base be and how fast could it be searched? The man who
disappeared said he authored a database program using arrays for non
encryption uses but said it could break PGP.  How does key generation work.
Does PGP go into some large database of primes and just choose two?  If it
just pulled two numbers out of a hat, PGP would have to determine if the
numbers were prime or not. Reverse factoring to test some very large
numbers might take a very long time? You must have two of these primes to
be able to multiply them.

Apple phones on the other hand - its the password that makes all the
difference. 10 bad tries of 4-6 digit numbers and all the data is wiped. I
have no idea what kind of encryption they use for the data itself.

Elwin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20160223/d7013ef8/attachment-0001.html>


More information about the Gnupg-users mailing list