Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. GnuPG>
  3. users
if someone steals your key...
trevor at haligonian
Mar 22, 2000, 5:52 PM
Post #1 of 2 (493 views)
Permalink
Exactly how much resources would it take to "break" a private key
without the pass phrase? Just wondering. Someone was expressing worry
about people knowing where to find his private key if they should go
snooping.


--
Trevor Smith | trevor@haligonian.com
PGP public key available at: www.haligonian.com/trevor

PGP Public Key Fingerprint= A68C C4EC C163 5C0A 6CFA 671F 05D4 0B30 318B AFD6
Re: if someone steals your key... [ In reply to ]
ftobin at uiuc
Mar 23, 2000, 3:36 AM
Post #2 of 2 (473 views)
Permalink
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Trevor Smith, at 20:52 -0400 on Wed, 22 Mar 2000, wrote:

> Exactly how much resources would it take to "break" a private key
> without the pass phrase? Just wondering. Someone was expressing worry
> about people knowing where to find his private key if they should go
> snooping.

Your private key is encrypted symmetrically with a hash of your
passphrase. Given that the algorithm used is good, the best attack lays
in the way of brute-forcing the passphrase. Hence, if the passphrase is
poor, it will be relatively easy to break the key, while if the passphrase
is strong it will be more difficult. Useful information and references
can be found at:

http://world.std.com/~reinhold/diceware.html

- --
Frank Tobin http://www.uiuc.edu/~ftobin/

"To learn what is good and what is to be valued,
those truths which cannot be shaken or changed." Myst: The Book of Atrus

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (FreeBSD)
Comment: pgpenvelope - http://pgpenvelope.sourceforge.net/

iEYEARECAAYFAjjZ88QACgkQVv/RCiYMT6MNwACeP1LoIS+7kJiFHnMpp7lQCY3E
wIQAnR6+LFviZopdbdOlHFEbFGTIdj/Y
=rFiG
-----END PGP SIGNATURE-----

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal