Mark M. wrote:
-----BEGIN PGP SIGNED MESSAGE-----
On Wed, 5 Jun 1996, Gary Howland wrote:
On Jun 3, 2:36, "Robert A. Hayden" wrote:
However, I got to wondering about the security of PGP assuming somebody trying to read my PGPed stuff has my 1024-bit secret key. I.e., if I have it on my personal computer, and somebody gets my secret key, how much less robust has PGP just become, and what are appropriate and reasonable steps to take to protect this weakness?
If the secret key is available then an attacker knows the length of p & q. Admittedly this will not usually help matters much, but I still feel that the lengths of p and q should be encrypted with the passphrase - perhaps in PGP3.0? (Derek?)
I don't see how knowing the exact lengths of p and q will help matters much.
That's what I said. There are however a few cases where it may help. Two that spring to mind are the brute force factoring of the BlackNet key - this may have been faster if half of the potential factors could have been ignored due to wrong key lengths (although I suspect this depends upon the factoring algorithm), and the other is that of identifying low quality keys with a small factor (perhaps generated by low quality software).
I don't think it will speed up the factoring time
Again, I would say this depends upon the factoring algorithm.
Gary
--
pub 1024/C001D00D 1996/01/22 Gary Howland <gary@systemics.com>
Key fingerprint = 0C FB 60 61 4D 3B 24 7D 1C 89 1D BE 1F EE 09 06
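An added example, not part of the thread or of PGP's own code, showing what the exchange above is about: an audit of your own key file that reads the bit lengths of p and q without the passphrase and flags an unbalanced pair. It assumes the V3 secret key layout described in RFC 4880 (each of d, p, q, u stored as a clear two-byte bit count followed by the encrypted value); the function names, the `max_skew` threshold and the sample data are constructed for illustration.

```python
import os
import struct

def make_field(bits):
    # Constructed sample: clear bit count + random bytes standing in for the encrypted body.
    return struct.pack(">H", bits) + os.urandom((bits + 7) // 8)

def read_mpi_bit_lengths(blob, count):
    # Walk `count` MPI fields using only the unencrypted 2-byte big-endian bit counts.
    lengths, off = [], 0
    for _ in range(count):
        if off + 2 > len(blob):
            raise ValueError("truncated MPI header")
        (bits,) = struct.unpack_from(">H", blob, off)
        end = off + 2 + (bits + 7) // 8
        if end > len(blob):
            raise ValueError("truncated MPI body")
        lengths.append(bits)
        off = end
    return lengths

def audit_factor_lengths(secret_fields, modulus_bits, max_skew=16):
    # Secret fields are assumed to be stored in the order d, p, q, u.
    _d, p, q, _u = read_mpi_bit_lengths(secret_fields, 4)
    findings = []
    if abs(p - q) > max_skew:  # max_skew is an arbitrary illustrative threshold
        findings.append("unbalanced factors: %d vs %d bits" % (p, q))
    # A p-bit number times a q-bit number has p+q-1 or p+q bits.
    if modulus_bits not in (p + q - 1, p + q):
        findings.append("factor lengths inconsistent with modulus size")
    return {"p_bits": p, "q_bits": q, "findings": findings}

def sample(d, p, q, u):
    # Constructed secret-key field block with the given bit lengths.
    return b"".join(make_field(n) for n in (d, p, q, u))

if __name__ == "__main__":
    print(audit_factor_lengths(sample(1023, 512, 512, 511), 1024))
    print(audit_factor_lengths(sample(1020, 40, 984, 39), 1024))
```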