<span style="font-family: Arial; font-size: 13px;"><div> From Elwin in Lloydminster, Alberta, Canada (visiting family) July 22, 2019</div><div><br></div><div>Ryan & gnupg-users,</div><div><br></div><div>Concerning "Essay on PGP as it is used today"<br></div><div><br></div><div>When I went to the link it said it said,</div><div><br></div><div> "The PGP Problem"</div><div><br></div><div>I searched and determined the author is unknown from from what I could see.</div><div><br></div><div>The Essay suggested a number of alternatives for private messaging. The first</div><div>was Signal. I downloaded it to my phone. Then the thought came to me, "how</div><div>secure is signal? I looked for a short time and found this:</div><div><br></div><div>Signal Desktop Leaves Message Decryption Key in Plain Sight<br><a href="https://www.bleepingcomputer.com/news/security/signal-desktop-leaves-message-decryption-key-in-plain-sight/">https://www.bleepingcomputer.com/news/security/signal-desktop-leaves-message-decryption-key-in-plain-sight/</a><br></div><div><br></div><div>Why would the nameless author of this essay suggest people use Signal when</div><div> anyone given access to a computer be able to just go into unprotected directories <br></div><div>and get the key to signal and open all past messages sent. Governments must <br></div><div>love this feature.</div><div><br></div><div>The fact that the author can not be questioned because there is no way to contact him/her <br></div><div>is the first big clue someone is trying to crash the faith people have in PGP or GnuPG. This <br></div><div>has happened before to me. <br></div><div><br></div><div>I went to an EFF (Electronic Frontier Foundation) meeting and a big and tall guy came to <br></div><div>me and told me that he had a way of Breaking PGP and told me he had been working on a <br></div><div>database program that made this possible and spouted off terms I had never heard before. <br></div><div>I turned around for a second or few and turned back and he was gone. I searched the room <br></div><div> with my eyes and couldn't find him. I went to the outside door and looked up and down the <br></div><div>street to no avail. I went to the Intersection and looked around - nothing. I went back inside, <br></div><div>and I couldn't find him. I had questions.</div><div><br></div><div>Doubts flooded my mind. I went and looked at the fundamentals. The PGP I am interested in <br></div><div>is the PGP based on RSA because it cannot be broken using a very large Prime number <br></div><div>set that are multiplied together and assuming these numbers are in a supply in the quadrillions <br></div><div>times quadrillions. I have had a hobby of codes and ciphers and have around 200 books on what <br></div><div>most common people would consider the ways to write things they cannot understand or even <br></div><div>see. I was a subway train operator and Railroad brakeman for over 41 years then retired but <br></div><div>am not a math wiz. If you had a multi processor computer like at Laurence Livermore National <br></div><div>Labs that can independently parallel process millions of possibilities a second how long would <br></div><div>it take to break one PGP RSA encoded/enciphered message. So if there are certain prime <br></div><div>numbers that do not qualify to be used, how many numbers are left? So you have one qualifying <br></div><div>very large prime. <br></div><div><br></div><div>You go to a list of other very large prime numbers and separately use each number with your <br></div><div>first chosen very large prime number to make a key and test that key against the message with <br></div><div>the unknown key. If nothing on the List pans out you choose the next very large prime number <br></div><div>and reuse the very large prime number list. How many numbers make up the very large prime <br></div><div>number list?</div><div><br></div><div>Elwin<br></div><div><br>
</div><div>Sent using Hushmail</div>
<br><br>On 7/16/2019 at 9:31 PM, "Ryan McGinnis via Gnupg-users" <gnupg-users@gnupg.org> wrote:<blockquote style="border-left:solid 1px #ccc;margin-left:10px;padding-left:10px;"><div>More than a bit critical, but a good read all the same. Found on HN. </div><div><br></div><div><a target="_blank" href="https://latacora.micro.blog/2019/07/16/the-pgp-problem.html" onclick="window.open('https://latacora.micro.blog/2019/07/16/the-pgp-problem.html');return false;">https://latacora.micro.blog/2019/07/16/the-pgp-problem.html</a><br></div><div><br></div><div>HN comment thread here: <a target="_blank" href="https://news.ycombinator.com/item?id=20455780" onclick="window.open('https://news.ycombinator.com/item?id=20455780');return false;">https://news.ycombinator.com/item?id=20455780</a><br></div><div><br></div><div><br></div><div class="protonmail_signature_block"><div class="protonmail_signature_block-user"><div>-Ryan McGinnis <br></div><div><a href="https://bigstormpicture.com" target="_blank">https://bigstormpicture.com</a> <br></div><div>PGP: 5C73 8727 EE58 786A 777C 4F1D B5AA 3FA3 486E D7AD<br></div><div>Sent with ProtonMail<br></div></div><div class="protonmail_signature_block-proton protonmail_signature_block-empty"><br></div></div><div><br></div></blockquote></span>