Is the strength, or lack thereof, of conventional PGP encryption proportional to the length of the conventional password?

For example, when I encrypt conventionally, does it make any difference internally (disregarding the ability to guess the password) if I choose to use the pass phrase heyyou, or [Harris$Pizza*Axis/LilburnKfreakmaisUoui@(. Not so much the randomness of my password as the length? Do more characters give the encryption process more to work with?

Thanks.
Alec
At 04:21 PM 2/21/97 -0500, Alec wrote:
> Is the strength, or lack thereof, of conventional PGP encryption proportional to the length of the conventional password?
Sure, up to 128 bits of entropy. Go check out pgpcrack.

Suppose you wanted to do a brute-force attack on a PGP conventionally encrypted document, and you knew the passphrase was one character long. What would you do? How many tries would it take to be sure you got the right passphrase? Suppose you knew the passphrase was one word in a common on-line dictionary. What would you do, and how many tries would it take?

Since the passphrase is MD5-hashed to a 128-bit-long key, there are only 2**128 really-different passphrases, though for any given passphrase, most of the members of the infinitely large class of equivalent passphrases won't be very easy to remember :-) Since MD5 is cryptographically strong, we used to assume it would be hard to find those equivalence classes, though Dobbertin's work suggests it's not as hard to find collisions as we used to assume.

# Thanks; Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp
# (If this is a mailing list, please Cc: me on replies. Thanks.)
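
The 128-bit cap described in the reply above, worked through as an added example that is not part of the original thread and is not PGP's own code. It assumes the key is exactly MD5 of the passphrase bytes, as the reply states; the 95-character alphabet and the 100,000-word dictionary size are assumptions chosen for illustration.

```python
import hashlib
import math

KEY_BITS = 128  # size of an MD5 digest, and so of the derived key

# The two passphrases from the question at the top of the thread.
SHORT = "heyyou"
LONG = "[Harris$Pizza*Axis/LilburnKfreakmaisUoui@("


def derive_key(passphrase: str) -> bytes:
    """Key derivation as the reply describes it: MD5 of the passphrase."""
    return hashlib.md5(passphrase.encode("utf-8")).digest()


def effective_bits(candidates: int) -> float:
    """Bits of brute-force work for a passphrase space, capped at the key size."""
    return min(math.log2(candidates), KEY_BITS)


def length_to_saturate(alphabet: int) -> int:
    """Shortest uniformly random passphrase that reaches the 128-bit cap."""
    return math.ceil(KEY_BITS / math.log2(alphabet))


def report() -> dict:
    """Upper bounds per guessing model; human-chosen phrases have less entropy."""
    printable = 95          # assumed alphabet: printable ASCII
    dictionary = 100_000    # assumed size of an on-line word list
    return {
        "one printable character": effective_bits(printable),
        "one dictionary word": effective_bits(dictionary),
        f"{len(SHORT)} random lowercase letters": effective_bits(26 ** len(SHORT)),
        f"{len(LONG)} random printable chars": effective_bits(printable ** len(LONG)),
    }


if __name__ == "__main__":
    # Both passphrases collapse to a key of the same size.
    for p in (SHORT, LONG):
        print(f"{len(p):2d} chars -> {len(derive_key(p)) * 8}-bit key {derive_key(p).hex()}")
    for model, bits in report().items():
        print(f"{model:30s} {bits:6.1f} bits")
    print("random printable chars needed for 128 bits:", length_to_saturate(95))
```

Past the saturation length, extra characters add nothing to the key itself; they only help to the extent the shorter phrase had not yet reached 128 bits of entropy.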
participants (2): Bill Stewart, camcc@abraxis.com