While man-in-the-middle attacks are nothing new, several cryptography experts have recently demonstrated a weakness in the popular e-mail encryption program PGP. The experts worked with a graduate student to demonstrate an attack which enables an attacker to decode an encrypted mail message if the victim falls for a simple social-engineering ploy.
The attack would begin with an encrypted message sent by person A intended for person B, but instead the message is intercepted by person C. Person C then launches a chosen cipher text attack by sending a known encrypted message to person B. If person B has his e-mail program set to automatically decrypt the message or decides to decrypt it anyway, he will see only a garbled message. If that person then adds a reply, and includes part of the garbled message, the attacker can then decipher the required key to decrypt the original message from person A.
The attack was tested against two of the more popular PGP implementations, PGP 2.6.2 and GnuPG, and was found to be 100% effective if file compression was not enabled. Both programs have the ability to compress data by default before encrypting it, which can thwart the attack. A paper was published by Bruce Schneier, chief technology officer of Counterpane Internet Security Inc.; Jonathan Katz, an assistant professor of computer science at the University of Maryland; and Kahil Jallad, a graduate student working with Katz at the University of Maryland. It was hoped that the disclosure would prompt changes in the open-source software and commercial versions to enhance its ability to thwart attacks, and to educate users to look for chosen cipher text attacks in general.
PGP is the world?s best known e-mail encryption software and has been a favorite since Phil Zimmermann first invented it in 1991; it has become the most widely used e-mail encryption software. While numerous attacks have been tried, none have yet succeeded in breaking the algorithm. With the power of computers growing exponentially, cracking this or even more modern algorithms is only a matter of time.
What can be done to increase the time required to break an encryption algorithm?
What is often the trade-off when using more complex algorithms?
Phil Zimmermann had to face considerable resistance from the government before being allowed to distribute PGP. What were their concerns, and why did they finally allow its eventual release?
Think of other social engineering schemes that might be employed in an effort to intercept encrypted message
FOR THE ABOVE 4 QUESTIONS: DEADLINE 5 -7 HRS FORM NOW
Delivering a high-quality product at a reasonable price is not enough anymore.
That’s why we have developed 5 beneficial guarantees that will make your experience with our service enjoyable, easy, and safe.
You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.Read more
Each paper is composed from scratch, according to your instructions. It is then checked by our plagiarism-detection software. There is no gap where plagiarism could squeeze in.Read more
Thanks to our free revisions, there is no way for you to be unsatisfied. We will work on your paper until you are completely happy with the result.Read more
Your email is safe, as we store it according to international data protection rules. Your bank details are secure, as we use only reliable payment systems.Read more
By sending us your money, you buy the service we provide. Check out our terms and conditions if you prefer business talks to be laid out in official language.Read more