-----BEGIN PGP SIGNED MESSAGE----- On Wed, 5 Jun 1996, Gary Howland wrote:
On Jun 3, 2:36, "Robert A. Hayden" wrote:
However, I got to wondering about the security of PGP assuming somebody trying to read my PGPed stuff has my 1024-bit secret key. ie, if I have it on my personal computer, and somebody gets my secret key, how much less robust has PGP just become, and what are appropriate and reasonable steps to take to protect this weakness?
If the secret key is available then an attacker knows the length of p & q. Admittedly this will not usually help matters much, but I still feel that the lengths of p and q should be encrypted with the passphrase - perhaps in PGP3.0? (Derek?)
I don't see how knowing the exact lengths of p and q will help matters much. I don't think it will speed up the factoring time, and it won't make brute- forcing the passphrase any easier. - -- Mark =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= markm@voicenet.com | finger -l for PGP key 0xe3bf2169 http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348 "In Christianity neither morality nor religion come into contact with reality at any point." -- Friedrich Nietzsche -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQCVAwUBMbXp97Zc+sv5siulAQFTBAQAjcfF5jh29RhTPokzfHbTEU+5aspywOPZ C3V1Lvucf6rYPH3J8oo8o8qo8iUjWIHR3B6Xh/DllslfDmO+WnOceaz888gErnGz X30prZ3Q6pue0WbrCk5S6++OMXux0+zzEcB5z5jcZb3wNLie8Qr2nnwyvM3ha1Gj bx96KawqVEI= =VSDw -----END PGP SIGNATURE-----