While man-in-the-middle attacks are nothing new, several cryptography experts have recently demonstrated a weakness in the popular e-mail encryption program PGP. The experts worked with a graduate student to demonstrate an attack which enables an attacker to decode an encrypted mail message if the victim falls for a simple social-engineering ploy.
The attack would begin with an encrypted message sent by person A intended for person B, but instead the message is intercepted by person C. Person C then launches a chosen cipher text attack by sending a known encrypted message to person B. If person B has his e-mail program set to automatically decrypt the message or decides to decrypt it anyway, he will see only a garbled message. If that person then adds a reply, and includes part of the garbled message, the attacker can then decipher the required key to decrypt the original message from person A.
The attack was tested against two of the more popular PGP implementations, PGP 2.6.2 and GnuPG, and was found to be 100% effective if file compression was not enabled. Both programs have the ability to compress data by default before encrypting it, which can thwart the attack. A paper was published by Bruce Schneier, chief technology officer of Counterpane Internet Security Inc.; Johnathan Katz, an assistant professor of computer science at the University of Maryland; and Kahil Jallad, a graduate student working with Katz at the University of Maryland. It was hoped that the disclosure would prompt changes in the open-source software and commercial versions to enhance its ability to thwart attacks, and to educate users to look for chosen cipher text attacks in general. PGP is the world’s best known e-mail encryption software and has been afavorite since Phil Zimmermann first invented it in 1991; it has become the most widely used e-mail encryption software. While numerous attacks have rithm. With the power of computers growing exponentially, cracking this or even more modern algorithms is only a matter of time.
Group Project: PGP Case Study
Read the Case Study at the end of Chapter 4 of the textbook. With your group, determine at least four modifications to the Caesar Cipher encryption algorithm that could increase the time required to break it.
With PGP, Phil Zimmermann experienced resistance from the U.S. government before being allowed to distribute it. Do an Internet search to find additional information about Zimmermann’s case. Then, in a 1- to 2-page group report, perform the following:
· Provide at least three reasons for this resistance.
· Provide references for each of the three reasons that justify the concerns of the government as legitimate.
· Identify the individual contributions of each member of the group.
Your report should be written in APA style.