key security
Ryan Malayter
rmalayter@bai.org
Wed Apr 10 19:31:01 2002
From: Trevor Smith [mailto:trevor@haligonian.com]
>A scenario:
>1. you have my private key but not my passphrase
>2. my passphrase is:
>AGbaka-g92kLA.ba29bskt2blb992asjg.220tu0-ut\]ablb292a[B<><?919GU
>(or something similar)
>3. my key size is 1024
>4. you have a message encrypted with my public key
>Which is easier:
>A. crack my passphrase (brute force?) to get to my private key or
>B. attack the message itself, ignoring the private key?
>What if my key size is 2048? 4096?
Factoring the 1024-bit public key would be easiest. Assuming each character
in that passphrase was really chosen randomly, it represents over 400 bits
of entropy. This means it is stronger than any common symmetric cipher, even
256-bit AES. So strong, in fact, as to be pointlessly long.
Factoring a 1024-bit (or even 2048-bit) integer would be computationally
easier than brute-forcing a 400 bit entity.