[1764] in cryptography@c2.net mail archive
How to break PGP?
daemon@ATHENA.MIT.EDU (Jack Oswald)
Fri Oct 24 14:39:47 1997
From: Jack Oswald <joswald@rpkusa.com>
Reply-To: "joswald@rpkusa.com" <joswald@rpkusa.com>
To: "'Cryptography'" <cryptography@c2.net>
Date: Thu, 23 Oct 1997 20:16:13 -0700
A colleague of mine was concerned about the current implementations of PGP
under Windows. The following is a quote from him. Does anyone know how
PGP actually collects the random data? Does he have anything really to
worry about? Has anyone tried to attack PGP this way?
"PGP acquires "true random" (not pseudorandom) data that it uses to create
private/public key pairs. The original DOS versions did this by measuring
time intervals between keystrokes; the Windows version is reputed to do the
same, possibly with the addition of measuring time intervals between mouse
messages.
One potential weakness is that under Windows, messages are sent essentially
synchronously at (approx.) intervals of 55 milliseconds (18.2 times per
second), in time with the PC "heartbeat" interrupt. Unless very special
low-level timing is implemented, which is essentially impossible to do with
message timing, all keyboard and mouse information arrives at substantially
regular intervals: multiples (or nearly so) of the above figure. A simple
experiment with Delphi or any other Windows development tool can confirm
this. As a result, supposedly "random" inter-arrival times may in fact be
guessable with considerable accuracy, dramatically reducing the effective
size of the key space. There is anecdotal evidence from the newsgroups
(unconfirmed so far as I know) that a good typist can occasionally
reproduce a particular set of "random" timing data by unusually regular
typing."
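Added example, not part of the original message or of any PGP code: it puts numbers on the argument quoted above by estimating the entropy per keystroke from constructed inter-arrival intervals, once at 1 ms resolution and once rounded to the ~55 ms timer tick, for an average and a very regular typist. The Gaussian typist model, the seeded sample data and the 128-bit target are assumptions.

```python
# Added example: how timer-tick quantization shrinks the entropy of keystroke timing.
# The typist model, seeded sample intervals and TARGET_BITS are constructed assumptions.
import math
import random
from collections import Counter

TICK_MS = 1000 / 18.2        # PC heartbeat period, about 55 ms (figure from the message above)
TARGET_BITS = 128            # amount of key material we want to collect (assumption)


def quantize_to_ticks(intervals_ms, tick_ms=TICK_MS):
    """Return each interval as the whole number of ticks a message timestamp would show."""
    return [max(1, round(x / tick_ms)) for x in intervals_ms]


def shannon_entropy_bits(samples):
    """Average information per sample, taking observed frequencies as the true distribution."""
    n = len(samples)
    return -sum(c / n * math.log2(c / n) for c in Counter(samples).values())


def min_entropy_bits(samples):
    """Worst-case entropy, set by the single most likely value; the right measure for key sizing."""
    return -math.log2(max(Counter(samples).values()) / len(samples))


def simulate_typist(n, mean_ms, jitter_ms, seed=0):
    """Constructed inter-keystroke intervals at 1 ms resolution with Gaussian jitter around a rate."""
    rng = random.Random(seed)
    return [max(1, round(rng.gauss(mean_ms, jitter_ms))) for _ in range(n)]


def keystrokes_needed(intervals_ms, target_bits=TARGET_BITS):
    """Keystrokes required for target_bits with fine timing vs tick-quantized timing (min-entropy)."""
    fine = min_entropy_bits(intervals_ms)
    coarse = min_entropy_bits(quantize_to_ticks(intervals_ms))
    fine_n = math.ceil(target_bits / fine) if fine > 0 else math.inf
    coarse_n = math.ceil(target_bits / coarse) if coarse > 0 else math.inf
    return fine_n, coarse_n


if __name__ == "__main__":
    for label, jitter in (("average typist", 30), ("very regular typist", 8)):
        sample = simulate_typist(2000, mean_ms=150, jitter_ms=jitter)
        fine_n, coarse_n = keystrokes_needed(sample)
        print(f"{label}: {shannon_entropy_bits(sample):.2f} bits/key at 1 ms, "
              f"{shannon_entropy_bits(quantize_to_ticks(sample)):.2f} bits/key at 55 ms ticks; "
              f"{TARGET_BITS}-bit key needs {fine_n} vs {coarse_n} keystrokes")
```

The regular-typist case is the one the anecdote about reproducible timing describes: nearly every interval lands in the same tick bucket, so each keystroke contributes only a fraction of a bit.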