--override-session-key $PASS simple brute force attack vulnerability?

[john clark]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


- --override-session-key $PASS simple brute force
attack vulnerability?

hi guys,

	Call me naive, but...

	I noticed that on --show-session-key option, the
structure of the
session key is composed of the cipher-algo code plus
lotsa random
numerals and upper case characters, but no special
characters.

gpg: session key: 
                                                      
           
"9:4653465768797E97F6863768674FG464675676689DBFE3SD599B7662D4DF98B1"

	Then there is a possibility to brute force a
particular
public-key encrypted message via the session key
without having the
secret-key, right? 

	And if this is the case, then it's much better to use
long cipher
algos like Rijndael256 and Twofish to avoid this risk?

- - jed


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9Lb3UluOtB0iIhFgRAp1jAKC3dW2KQ37yEwmSQ3oFhthBd4YbTACaAsxk
lGYrXo9GGA8f5ZmU4STxuxg=
=L1Pa
-----END PGP SIGNATURE-----


__________________________________________________
Do You Yahoo!?
Yahoo! Autos - Get free new car price quotes
http://autos.yahoo.com