Getting Passphrase From Encrypted and Unencrypted Secret Key

[vedaal at nym.hush.com]

On 5/29/2014 at 5:54 PM, "Marko Randjelovic" <markoran at eunet.rs> wrote:
>
>If an attacker got my secret key while it wasn't encrypted (no
>passphrase) and then I put a passphrase, and then the same attacker
>gets encrypted key, can he find out my passphrase based on 
>difference
>between non-encrypted and encrypted key?

======

The attacker wouldn't need to.

The attacker ALREADY has your secret key and can decrypt any messages you have, or ever will have with that key,

But in answer to your question,
No.

The attacker cannot determine your passphrase based on that information.

The knowledge of the key without the passphrase protection, is the equivalent of knowing the 'plaintext' of something that will be encrypted symmetrically with a gnupg block cipher, which, if, the attacker had a copy of the secret key with the new encryption, the attacker could just try a passphrase-guessing algorithm on the key with the passphrase.

Knowing the un-encrypted copy of the key would not help any.

(I don't know how to explain the workings of the block-ciphers in gnupg, but think that they are resistant to known-plaintext attacks.)



vedaal