Weak encryption keys

Jacob Bachmeyer jcb62281 at gmail.com
Mon Mar 22 23:32:14 CET 2021

jsmith9810 at gmx.com wrote:
>> [...]
> A private key protected by weak blowfish cipher is by no means more at risk
> compared to an unencrypted key, which GnuPG has no problem with.

The difference is that you *know* an unencrypted key is lying around at 
risk of compromise, and you knowingly chose to take that risk when you 
chose to store the key unencrypted.

> Also, from what I've read about blowfish weak keys (and I admit I didn't spend
> too much time on it), the attacks are unrealistic in that even though they
> reduce the complexity compared to brute forcing a 128-bit key, it's still
> near-impossible to retrieve the plain-text or the key itself within a reasonable
> amount of time. And I also recall reading that it requires large amounts of
> known plain-text and corresponding cipher-text data. In this case, it's a
> unique key that's only used to encrypt a few hundred bytes of data. So the risk
> of an attacker being able to just "crack" your private key based on the weakness
> of the cipher key seems to be quite an overstatement.

I am assuming that there is some more severe problem with OpenPGP 
Blowfish key wrapping, since the situation you describe would not 
warrant the measures GPG has taken.  (In other words, I am assuming that 
the GPG developers know something here that we do not, and I believe 
that to be a reasonable assumption.)

> Besides, shouldn't the assessment of the security of the key be better left to
> the user? It would be totally reasonable to warn the user about the potential
> risks and even make a recommendation to revoke this key. But not allowing them
> to decrypt something that was previously encrypted with this key doesn't seem
> justifiable even if the risks were as high as you stated.

You are correct that the situation you describe does not reasonably 
support completely rejecting the key.  That is the reason I expect that 
there is a problem serious enough that the key should be considered 

-- Jacob
