17 Dec
2003
17 Dec
'03
11:17 p.m.
If the secret key is available then an attacker knows the length of p & q. Admittedly this will not usually help matters much, but I still feel that the lengths of p and q should be encrypted with the passphrase - perhaps in PGP3.0? (Derek?)
PGPlib has an interface to encrypt the whole keyring, however that probably isn't going to be fully implemented unless time permits. This interface allows you to encrypt the WHOLE keyring in a passphrase, which includes not only the secret components, but the public components as well. However I don't know if I'll have the time to get to it. Enjoy! -derek