Key Security Question

Toto toto at sk.sympatico.ca
Sat Feb 1 08:41:08 PST 1997


Paul Foley wrote:
 
> On Fri, 31 Jan 1997 17:51:47 -0800, Toto wrote:

>>      If the repairman has your pubring and secring files, you can now
>>    consider them in the same light as a 'busted flush'.
> 
> The secret key is encrypted using the same IDEA algorithm that PGP
> uses to encrypt your files.  If you trust IDEA, your key is as safe as
> your passphrase (not at all if you have no passphrase, not much if
> it's easily guessable, etc.)

  Send me your secring file. I have a new password-buster I'd like to
try out on it.

> If your computer repairman has the capability to crack strong 128-bit
> ciphers, I'd be rather worried :-)

  He doesn't have to crack the cipher, he only needs to find the
password.
 
> On the other hand, there's always the possibility of your passphrase
> being on the disk, say in a swap file, somewhere.  Same goes for
> plaintext of any encrypted files/messages.  I doubt anyone's gonna go
> hunting through your swap file, "empty" sectors, etc., looking for it,
> though, unless you've done something to really piss him off lately :-)

  Or if he's a member of the CypherPunks list, read the message, and now
considers it to be a personal challenge.

Toto








More information about the cypherpunks-legacy mailing list