On Jun 3, 2:36, "Robert A. Hayden" wrote:
However, I got to wondering about the security of PGP assuming somebody trying to read my PGPed stuff has my 1024-bit secret key. ie, if I have it on my personal computer, and somebody gets my secret key, how much less robust has PGP just become, and what are appropriate and reasonable steps to take to protect this weakness?
If the secret key is available then an attacker knows the length of p & q. Admittedly this will not usually help matters much, but I still feel that the lengths of p and q should be encrypted with the passphrase - perhaps in PGP3.0? (Derek?) Gary -- pub 1024/C001D00D 1996/01/22 Gary Howland <gary@systemics.com> Key fingerprint = 0C FB 60 61 4D 3B 24 7D 1C 89 1D BE 1F EE 09 06