... .pgp. PGP will use this file instead of looking in PGPPATH.

    Name        Type     Default  Effect
    SHOWPASS    Boolean  off      When on, show the pass phrase as it is being typed. By default, this option is off to protect your pass phrase from being read while you type it.
    TEXTMODE    Boolean  off      When turned on, assume a file is a text file. PGP will always check to verify if it is a text file, and will turn off textmode if it is not.
    TMP         string            The directory where temporary files are created. PGP will try to choose a reasonable default if it is not set in the configuration file. On Unix systems, PGP uses the contents of the TMP environment variable; on VMS, PGP will use the contents of SYS$SCRATCH; on DOS, the current directory is used.
    TZFIX       integer  0        The number of hours to add to the time to get GMT. This is needed only if the TZ environment variable does not work.
    VERBOSE     integer  1        The verbosity level of PGP. The more verbose, the more debugging information and progress information is printed to the user. Verbose level 0 is quiet mode, and verbose level 2 provides extra runtime information.

PGP 681

PGP also supports a number of configuration options that only make sense on the command line. Table 11.4 lists these options. As you saw in table 11.3, these options are also used by putting a plus sign before the name, and following it with an equal sign and the value. For example, to turn off compression you can add +compress=off to the command line.

Table 11.4  Configuration Options for PGP

    Name        Type     Default  Effect
    BATCHMODE   Boolean  off      Process the current request as a batch request. This is useful for servers and to perform default operations without asking for user input.
    FORCE       Boolean  off      When turned on, force PGP to answer questions using default values. This option forces PGP to perform the default actions instead of asking the user. In general, this is used with BATCHMODE for system servers that want to use PGP.
    MAKERANDOM  integer           Output a file of random bytes, using the length of this variable.

682 Part III: Messaging: Creating a Secure Channel

If you want to use PGP as a random number generator, for instance, it can be configured to make a file of random numbers. You can specify this using the makerandom option. For example, to generate 1k of random data into a file named output.bin, you would use this command:

    pgp +makerandom=1024 output.bin

The configuration options are best used by setting the preferred default options in the configuration file and then using the command-line options to change the defaults when necessary. For example, a suggested mode is to specify TEXTMODE and ARMOR to be true in the configuration file, and use +armor=off or +textmode=off on the command line when textmode or armor mode or both are not desired.

Security of PGP

The use of a security program does not ensure that your communications will be secure. You can have the most secure lock on the front door of your house, and a prowler can still crawl in through an open window. Similarly, your computer can be just as vulnerable, even when using PGP. A number of known attacks exist against PGP; the next few sections cover many of them. However, this is by no means a complete list. Attacks may be found in the future that break all public key cryptography. This list tries to give you a taste of what you need to protect your communications.

The Brute Force Attack

The most direct attack against PGP is to brute force the keys that are used. Because PGP 2.6.2 uses two cryptographic algorithms, it is appropriate to look at the security of both algorithms. For public key cryptography, PGP uses the RSA algorithm; for secret key cryptography, it uses IDEA.

Brute Force on RSA Keys

For RSA keys, the best brute force attack known is to try to factor them. RSA keys are generated so that they are difficult to factor. Moreover, factoring large numbers is still a new art. The most recent, and largest, RSA key to be factored is RSA-129 in April, 1994. RSA-129 is the original RSA challenge number that was created in 1977 when the RSA algorithm was devised. It is a 129-decimal digit RSA key, which is equivalent to about 425 bits. A worldwide effort to factor the number used the resources of 1,600 computers for over eight months of real time. This figures out to 4,600 MIPS-years; a MIPS-year is the amount of data a 1 MIPS machine could process in one year.

For example, a Pentium 100 is approximately 125 MIPS (according to Intel). If one Pentium 100 machine were to run full time for one full year on a problem, it would donate 125 MIPS-years. At this rate, it would take one machine just about 37 years to break RSA-129. Alternatively, 100 machines could break the code in just over 4 months, which is about half the time of the actual project.

A newer factoring algorithm exists than the one used in the RSA-129 project. This newer algorithm is much faster, and is believed to be able to factor RSA-129 in about a quarter of the time. It is uncertain how this new algorithm will perform, and there is currently a project underway to factor RSA-130, a sister challenge to RSA-129. As of this writing, many computers around the world are working on factoring this number. The results may not be known for some time.

Currently, PGP uses keys between 512 and 2,048 bits. The larger the key the harder it is to factor. At the same time, increasing the keysize increases the time it takes to use that key
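The option precedence described in the configuration section above (built-in default, then the configuration file, then +name=value on the command line) is the part a wrapper script most often gets wrong, so here is a small model of it. This is an added example, not code from PGP 2.6.2 or from the book. The option names, types and defaults come from tables 11.3 and 11.4 above; ARMOR and COMPRESS are mentioned in the text but their table rows are not on this page, so their defaults here (off and on) are assumptions. The config-file syntax modelled (NAME = value, with # starting a comment), the sample config.txt and every function name are my own.

```python
"""Model of PGP 2.6.2 option precedence: built-in default < config file
< +name=value on the command line.  Added example, not PGP's own code."""

import re

# Option table taken from tables 11.3 and 11.4 on the page.  ARMOR and
# COMPRESS rows are not on this page; their defaults are assumptions.
OPTION_TABLE = {
    "SHOWPASS":   ("boolean", False),
    "TEXTMODE":   ("boolean", False),
    "TMP":        ("string", None),
    "TZFIX":      ("integer", 0),
    "VERBOSE":    ("integer", 1),
    "BATCHMODE":  ("boolean", False),
    "FORCE":      ("boolean", False),
    "MAKERANDOM": ("integer", None),
    "ARMOR":      ("boolean", False),   # assumed default
    "COMPRESS":   ("boolean", True),    # assumed default
}

# NAME = value, optionally followed by a '#' comment (syntax assumed here).
_CONFIG_LINE = re.compile(r"^\s*([A-Za-z]+)\s*=\s*(.*?)\s*(?:#.*)?$")

# Constructed config.txt following the page's suggested mode: TEXTMODE and
# ARMOR on by default, overridden per call from the command line.
SAMPLE_CONFIG = """\
# constructed config.txt for this example
TEXTMODE = on
ARMOR = on
VERBOSE = 2
TMP = /tmp/pgp   # scratch directory
"""


def parse_value(name, raw):
    """Convert a raw string to the option's declared type.  Unknown names
    and malformed values raise instead of being silently ignored."""
    name = name.upper()
    if name not in OPTION_TABLE:
        raise ValueError(f"unknown option: {name}")
    kind = OPTION_TABLE[name][0]
    raw = raw.strip()
    if kind == "boolean":
        # The page documents on/off; other spellings are rejected here.
        if raw.lower() == "on":
            return True
        if raw.lower() == "off":
            return False
        raise ValueError(f"{name}: expected on or off, got {raw!r}")
    if kind == "integer":
        if not re.fullmatch(r"-?\d+", raw):   # TZFIX may legitimately be negative
            raise ValueError(f"{name}: expected an integer, got {raw!r}")
        return int(raw)
    return raw  # string option


def parse_config(text):
    """Parse config-file lines; names are case-insensitive, as the page
    writes both TEXTMODE and +textmode for the same option."""
    settings = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        m = _CONFIG_LINE.match(line)
        if not m:
            raise ValueError(f"line {lineno}: cannot parse {line!r}")
        name = m.group(1).upper()
        settings[name] = parse_value(name, m.group(2))
    return settings


def parse_command_line(argv):
    """Split argv into +name=value overrides and ordinary arguments."""
    overrides, positional = {}, []
    for arg in argv:
        if arg.startswith("+"):
            name, sep, raw = arg[1:].partition("=")
            if not sep:
                raise ValueError(f"option {arg!r} needs =value")
            overrides[name.upper()] = parse_value(name, raw)
        else:
            positional.append(arg)
    return overrides, positional


def resolve(config_text, argv):
    """Apply precedence: built-in defaults, then config file, then argv."""
    settings = {n: default for n, (_, default) in OPTION_TABLE.items()}
    settings.update(parse_config(config_text))
    overrides, positional = parse_command_line(argv)
    settings.update(overrides)
    return settings, positional


def risk_notes(settings):
    """Flag resolved settings that remove an interactive safeguard the
    tables describe (echoed pass phrase, unattended default answers)."""
    notes = []
    if settings["SHOWPASS"]:
        notes.append("SHOWPASS on: pass phrase is echoed while typed")
    if settings["FORCE"] or settings["BATCHMODE"]:
        notes.append("FORCE/BATCHMODE on: questions answered with defaults, no prompt")
    if settings["VERBOSE"] == 0:
        notes.append("VERBOSE 0: quiet mode hides progress and diagnostics")
    return notes


if __name__ == "__main__":
    resolved, files = resolve(SAMPLE_CONFIG, ["+armor=off", "+makerandom=1024", "output.bin"])
    for key in ("TEXTMODE", "ARMOR", "VERBOSE", "MAKERANDOM", "TMP"):
        print(f"{key:<10} {resolved[key]!r}")
    print("files:", files, "notes:", risk_notes(resolved))
```

With the sample config, `+armor=off` on the command line wins over `ARMOR = on` in the file while TEXTMODE keeps its file value, which is exactly the working mode the text recommends. A wrapper that calls PGP in BATCHMODE with FORCE on should treat the output of `risk_notes` as something to log, since those two options remove the prompts that would otherwise stop a default action.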