Problems with private keyring?

Nils Ellmenreich Nils at
Wed Mar 21 18:04:07 CET 2001

>>>"pb" == p brodacki <Pawe> writes:

 pb> what I've found here: Two Czechs
 pb> claim they can extract private keys from GPG (and PGP) rings.       

Quick reaction after reading this: they claim that they can extract the
private key from your private key ring although it's password
protected. Well, this password protection was never meant to be a major
security barrier - it is the general view that if the attacker gets
access to the private ring, then you've lost. The attacker can always do
a brute force or dictionary attack against your password which will be
by magnitudes easier than breaking your public key. Even if they found a
bug in OpenPGP that makes it even easier to bypass the password
protection (they seem to claim this) - so what? It would downgrade the
tiny protection against the unexperienced attacker.

More information about the Gnupg-devel mailing list