Security of PGP if Secret Key Available?
Mark M.
markm at voicenet.com
Thu Jun 6 04:08:40 PDT 1996
-----BEGIN PGP SIGNED MESSAGE-----
On Wed, 5 Jun 1996, Gary Howland wrote:
> On Jun 3, 2:36, "Robert A. Hayden" wrote:
> > However, I got to wondering about the security of PGP assuming somebody
> > trying to read my PGPed stuff has my 1024-bit secret key. ie, if I have
> > it on my personal computer, and somebody gets my secret key, how much
> > less robust has PGP just become, and what are appropriate and reasonable
> > steps to take to protect this weakness?
>
> If the secret key is available then an attacker knows the length
> of p & q. Admittedly this will not usually help matters much,
> but I still feel that the lengths of p and q should be encrypted
> with the passphrase - perhaps in PGP3.0? (Derek?)
I don't see how knowing the exact lengths of p and q will help matters much.
I don't think it will speed up the factoring time, and it won't make brute-
forcing the passphrase any easier.
- -- Mark
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm at voicenet.com | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"In Christianity neither morality nor religion come into contact with
reality at any point."
-- Friedrich Nietzsche
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv
iQCVAwUBMbXp97Zc+sv5siulAQFTBAQAjcfF5jh29RhTPokzfHbTEU+5aspywOPZ
C3V1Lvucf6rYPH3J8oo8o8qo8iUjWIHR3B6Xh/DllslfDmO+WnOceaz888gErnGz
X30prZ3Q6pue0WbrCk5S6++OMXux0+zzEcB5z5jcZb3wNLie8Qr2nnwyvM3ha1Gj
bx96KawqVEI=
=VSDw
-----END PGP SIGNATURE-----
More information about the cypherpunks-legacy
mailing list