key security

[Mike Touloumtzis]

On Wed, Apr 10, 2002 at 12:25:02AM -0300, Trevor Smith wrote:
> 
> A scenario:
> 
> 1. you have my private key but not my passphrase
> 2. my passphrase is:
>    AGbaka-g92kLA.ba29bskt2blb992asjg.220tu0-ut\]ablb292a[B<><?919GU
>    (or something similar)
> 3. my key size is 1024
> 4. you have a message encrypted with my public key
> 
> Which is easier:
> 
> A. crack my passphrase (brute force?) to get to my private key or

To clear up a possible misconception: the passphrase doesn't come into
play if someone only has messages you sent.  The passphrase is used
to protect your private key on disk, and it comes into play if someone
manages to steal the private key from your keyring.  The passphrase is
an important security measure in preventing some types of compromise
(such as accidental disclosure or browser bugs that allow malicious
file uploads), but if someone cracks into your computer to get the
private keyring they may be also be able to capture your keystrokes,
thus obtaining your passphrase.

The symmetric "session" keys used for messages you send are randomly
generated and have nothing to do with your passphrase.  To break into
your correspondence without the private key, an attacker would need to
(a) break a >= 128-bit symmetric cryptosystem with a randomly chosen key
and only one message's worth of text, or (b) attack the public key (e.g.
by factoring).  (b) is much easier, but is still considered impossible for
keys >= 2048 bits.  Recent developments suggest that breaking 1024-bit
keys is conceivable, although it would require a multibillion-dollar
computing expenditure and many cryptographers still aren't sure it can
be made practical at all.

These are just the cryptographic methods of breaking in.  It's much
easier to the grand scheme of things to break into your computer, or
even to break into your house and bug your keyboard.

miket