if someone steals your key...
Frank Tobin
ftobin@uiuc.edu
Thu, 23 Mar 2000 04:36:39 -0600 (CST)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Trevor Smith, at 20:52 -0400 on Wed, 22 Mar 2000, wrote:
> Exactly how much resources would it take to "break" a private key
> without the pass phrase? Just wondering. Someone was expressing worry
> about people knowing where to find his private key if they should go
> snooping.
Your private key is encrypted symmetrically with a hash of your
passphrase. Given that the algorithm used is good, the best attack lays
in the way of brute-forcing the passphrase. Hence, if the passphrase is
poor, it will be relatively easy to break the key, while if the passphrase
is strong it will be more difficult. Useful information and references
can be found at:
http://world.std.com/~reinhold/diceware.html
- --
Frank Tobin http://www.uiuc.edu/~ftobin/
"To learn what is good and what is to be valued,
those truths which cannot be shaken or changed." Myst: The Book of Atrus
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (FreeBSD)
Comment: pgpenvelope - http://pgpenvelope.sourceforge.net/
iEYEARECAAYFAjjZ88QACgkQVv/RCiYMT6MNwACeP1LoIS+7kJiFHnMpp7lQCY3E
wIQAnR6+LFviZopdbdOlHFEbFGTIdj/Y
=rFiG
-----END PGP SIGNATURE-----