Problems with private keyring?
Nils at infosun.fmi.uni-passau.de
Wed Mar 21 18:04:07 CET 2001
>>>"pb" == p brodacki <Pawe> writes:
pb> what I've found here: http://www.i.cz/en/onas/tisk4.html. Two Czechs
pb> claim they can extract private keys from GPG (and PGP) rings.
Quick reaction after reading this: they claim that they can extract the
private key from your private key ring although it's password
protected. Well, this password protection was never meant to be a major
security barrier - it is the general view that if the attacker gets
access to the private ring, then you've lost. The attacker can always do
a brute force or dictionary attack against your password which will be
by magnitudes easier than breaking your public key. Even if they found a
bug in OpenPGP that makes it even easier to bypass the password
protection (they seem to claim this) - so what? It would downgrade the
tiny protection against the unexperienced attacker.
More information about the Gnupg-devel