You wrote:
> Hi there!
>
> What do you guys think about the reliability of the news (unfortunately
> in German only) on www.golem.de
> (http://www.golem.de/news/bundesregierung-deutsche-geheimdienste-koennen-pgp-entschluesseln-1205-92031.html)
> that the German government claims to be
> able to break PGP and SSH. The official answer to some MPs and the party
> "Die Linke" is here:
> http://www.andrej-hunko.de/start/download/doc_download/225-strategische-fernmeldeaufklaerung-durch-geheimdienste-des-bundes
>
> For the non-German speaking (found on page 3 of the official document):
>
> Question:
> "3. Is the technique used also able to at least in part decode and/or
> analyze encrypted communication (e.g. by SSH or PGP)?"
>
> Answer:
> "Yes, the technique used is in principle able to do this,
                              ^^^^^^^^^^^^
Another theoretical attack? Yawn RC4? MD5? don't use them.

> depending on the way and quality
                   ^^^^^^^^^^^^^^^
512 bit pubkeys, definitely factorable. 768 maybe. 1024 with the help of the
MIBs. More than that, not for another 5-10 years. If you have the private key,
weak passphrases are always susceptible to dictionary attacks.

> Is this some sort of Governmental FUD by just NOT adding s.th. like "if
> the password/passphrase is weak enough"?

Can't read the article but sounds like FUD from what they answered. Password
or passphrase has nothing to do with breaking PGP or SSH unless you have the
user's private key. Only the length of the public key matters. Use 2048 bit
keys and nobody is getting your plaintext without bashing your balls.

-----BEGIN PGP MESSAGE-----

jA0ECgMKIXIw0QVfan1g0lUBkJ3SZO7SlnfESJIKbRHgSr+1VlpnsD/zs6lephjt
Xd8LKAMjYZIkTtgNdnusBSz4Y7H53sV4i8jvHSomZUi1F1dcQFIyUT9JZXnyrq8q
JLJeyIHw
=NcjT
-----END PGP MESSAGE-----