if someone steals your key...

Frank Tobin ftobin@uiuc.edu
Thu, 23 Mar 2000 04:36:39 -0600 (CST)

Hash: SHA1

Trevor Smith, at 20:52 -0400 on Wed, 22 Mar 2000, wrote:

> Exactly how much resources would it take to "break" a private key
> without the pass phrase? Just wondering. Someone was expressing worry
> about people knowing where to find his private key if they should go
> snooping.
Your private key is encrypted symmetrically with a hash of your passphrase. Given that the algorithm used is good, the best attack lays in the way of brute-forcing the passphrase. Hence, if the passphrase is poor, it will be relatively easy to break the key, while if the passphrase is strong it will be more difficult. Useful information and references can be found at: http://world.std.com/~reinhold/diceware.html - -- Frank Tobin http://www.uiuc.edu/~ftobin/ "To learn what is good and what is to be valued, those truths which cannot be shaken or changed." Myst: The Book of Atrus -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (FreeBSD) Comment: pgpenvelope - http://pgpenvelope.sourceforge.net/ iEYEARECAAYFAjjZ88QACgkQVv/RCiYMT6MNwACeP1LoIS+7kJiFHnMpp7lQCY3E wIQAnR6+LFviZopdbdOlHFEbFGTIdj/Y =rFiG -----END PGP SIGNATURE-----