Internet Security Professional Reference:PGP
PGP also supports a number of configuration options that only make sense on the command line. Table 11.5 lists these options. As you saw in table 11.4, these options are also used by putting a plus sign before the name, and following it with an equal sign and the value. For example, to turn off compression you can add +compress=off to the command line.

Table 11.5
Configuration Options for PGP

| Name | Type | Default | Effect |
|---|---|---|---|
| BATCHMODE | Boolean | off | Process the current request as a batch request. This is useful for servers and to perform default operations without asking for user input. |
| FORCE | Boolean | off | When turned on, force PGP to answer questions using default values. This option forces PGP to perform the default actions instead of asking the user. In general, this is used with BATCHMODE for system servers that want to use PGP. |
| MAKERANDOM | Integer | | Output a file of random bytes, using the length of this variable. |

If you want to use PGP as a random number generator, for instance, it can be configured to make a file of random numbers. You can specify this using the makerandom option. For example, to generate 1k of random data into a file named output.bin, you would use this command:

pgp +makerandom=1024 output.bin

The configuration options are best used by setting the preferred default options in the configuration file and then using the command-line options to change the defaults when necessary. For example, a suggested mode is to specify TEXTMODE and ARMOR to be true in the configuration file, and use +armor=off or +textmode=off on the command line when textmode or armor mode or both are not desired.
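The precedence described above (built-in defaults, then the configuration file, then +name=value on the command line) can be modelled to check what a server wrapper's invocation actually resolves to. This is an added example, not PGP's own parser and not code from the book; the `Name = value` file syntax with `#` comments, the defaults for ARMOR, TEXTMODE and COMPRESS, and all function names are assumptions.

```python
# Added example: a model of the precedence described above, not PGP's own parser.
# Booleans from Table 11.5 and the text. Defaults for ARMOR, TEXTMODE and
# COMPRESS are assumptions (their table is not reproduced here).
BOOL_DEFAULTS = {"batchmode": False, "force": False,
                 "armor": False, "textmode": False, "compress": True}
INT_OPTIONS = {"makerandom"}  # Table 11.5 lists no default for this one


def coerce(name, raw):
    """Validate an option name and convert its value to bool or int."""
    raw = raw.strip().lower()
    if name in BOOL_DEFAULTS:
        if raw not in ("on", "off"):
            raise ValueError(f"{name} expects on or off, got {raw!r}")
        return raw == "on"
    if name in INT_OPTIONS:
        return int(raw)
    raise ValueError(f"unknown option: {name}")


def parse_config(text):
    """Parse 'Name = value' lines; '#' comments are an assumed syntax."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            name, _, value = line.partition("=")
            name = name.strip().lower()
            settings[name] = coerce(name, value)
    return settings


def effective_options(config_text, argv):
    """Merge defaults, then config file, then +name=value overrides."""
    opts = {**BOOL_DEFAULTS, **parse_config(config_text)}
    rest = []
    for arg in argv:
        if arg.startswith("+") and "=" in arg:
            name, _, value = arg[1:].partition("=")
            opts[name.lower()] = coerce(name.lower(), value)
        else:
            rest.append(arg)  # ordinary PGP arguments pass through
    return opts, rest


def runs_unattended(opts):
    """BATCHMODE with FORCE means default actions are taken without prompts."""
    return opts["batchmode"] and opts["force"]


# Constructed sample: the suggested config file from the text.
SAMPLE_CONFIG = "TextMode = on\nArmor = on   # suggested defaults\n"
```

Calling `effective_options(SAMPLE_CONFIG, ["+armor=off", "-e", "msg.txt", "alice"])` returns ARMOR off and TEXTMODE still on, while `runs_unattended` flags invocations where BATCHMODE and FORCE together suppress every prompt.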

Security of PGP

The use of a security program does not ensure that your communications will be secure. You can have the most secure lock on the front door of your house, and a prowler can still crawl in through an open window. Similarly, your computer can be just as vulnerable, even when using PGP.

A number of known attacks exist against PGP; the next few sections cover many of them. However, this is by no means a complete list. Attacks may be found in the future that break all public key cryptography. This list tries to give you a taste of what you need to protect your communications.

The Brute Force Attack

The most direct attack against PGP is to brute force the keys that are used. Because PGP 2.6.2 uses two cryptographic algorithms, it is appropriate to look at the security of both algorithms. For public key cryptography, PGP uses the RSA algorithm; for secret key cryptography, it uses IDEA.

Brute Force on RSA Keys

For RSA keys, the best brute force attack known is to try to factor them. RSA keys are generated so that they are difficult to factor. Moreover, factoring large numbers is still a new art.

One of the more recent, and largest, RSA keys to be factored was RSA-129, which was factored in April 1994. RSA-129 was the original RSA challenge number that was created in 1977 when the RSA algorithm was devised. It is a 129-decimal digit RSA key, which is equivalent to about 425 bits. A worldwide effort to factor the number used the resources of 1,600 computers for over eight months of real time. This works out to 4,600 MIPS-years; a MIPS-year is the amount of work a 1 MIPS machine could perform in one year.

For example, a Pentium 100 is approximately 125 MIPS (according to Intel). If one Pentium 100 machine were to run full time for one full year on a problem, it would contribute 125 MIPS-years. At this rate, it would take one machine just about 37 years to break RSA-129. Alternatively, 100 machines could break the code in just over 4 months, which is about half the time of the actual project.

Currently, PGP version 2.6.2 uses keys between 512 and 2,048 bits. The larger the key, the harder it is to factor. At the same time, increasing the key size increases the time it takes to use that key. To date, a 512-bit key is believed to give about one year of security; an attacker with access to 100 Pentium 100 machines should need at least a year to crack a 512-bit RSA key. If that is true, then a 1,024-bit key, given today’s newest algorithms, will be secure for the next 10,000 years, assuming no more increases in technology. If technology increases, less time will be required. It seems likely, however, that technology will continue to advance.

Brute Forcing IDEA Keys

There are no known attacks against IDEA keys at this time. The best that can be done is trying all $2^{128}$, or $3.4 \times 10^{38}$, keys. Given the difficulty in performing this test, it is actually easier to try to break the RSA keys that are used to encrypt the IDEA keys in PGP. It has been estimated that the difficulty in breaking IDEA is about the same difficulty as factoring a 3,000-bit RSA key.
