Implications Of The Recent RSA Vulnerability

Robert J. Hansen rjh at sixdemonbag.org
Thu Mar 11 16:43:03 CET 2010


> Alrighty. But doesn't this compromise the layer of security offered by
> the passphrase? What's the point having a passphrase at all, if it's so
> easy to compromise a private key?

You might as well ask, "what's the point of OpenPGP at all, if it's so easy to Van Eck your monitor?"  Or, "if it's so easy to plant a keylogger?"  Or, "if it's so easy for someone to whisk me up off the street into a dark van and play the bongos on my kneecaps until I tell my secrets?"  Or… the list goes on and on.

OpenPGP assumes the endpoints of the communication are secure.  If they're not, there's nothing OpenPGP can do to help you make it secure.

If you think this is a problem, then I would observe your microwave oven does a really lousy job of keeping your beer cold.  All tools have preconditions: the existence of a precondition doesn't mean the tool is broken.  The precondition for a microwave oven is, "the food must need heating."  The precondition for OpenPGP is, "the endpoints must be secure."
