Weak encryption keys

Jacob Bachmeyer jcb62281 at gmail.com
Mon Mar 22 23:32:14 CET 2021


jsmith9810 at gmx.com wrote:
>> [...]
>
> A private key protected by a weak blowfish cipher is by no means more at risk
> compared to an unencrypted key, which GnuPG has no problem with.
>   

The difference is that you *know* an unencrypted key is lying around at 
risk of compromise, and you knowingly chose to take that risk when you 
chose to store the key unencrypted.

> Also, from what I've read about blowfish weak keys (and I admit I didn't spend
> too much time on it), the attacks are unrealistic in that even though they
> reduce the complexity compared to brute forcing a 128-bit key, it's still
> near-impossible to retrieve the plain-text or the key itself within a reasonable
> amount of time. And I also recall reading that it requires large amounts of
> known plain-text and corresponding cipher-text data. In this case, it's a
> unique key that's only used to encrypt a few hundred bytes of data. So the risk
> of an attacker being able to just "crack" your private key based on the weakness
> of the cipher key seems to be quite an overstatement.
>   

I am assuming that there is some more severe problem with OpenPGP 
Blowfish key wrapping, since the situation you describe would not 
warrant the measures GPG has taken.  (In other words, I am assuming that 
the GPG developers know something here that we do not, and I believe 
that to be a reasonable assumption.)

> Besides, shouldn't the assessment of the security of the key be better left to
> the user? It would be totally reasonable to warn the user about the potential
> risks and even make a recommendation to revoke this key. But not allowing them
> to decrypt something that was previously encrypted with this key doesn't seem
> justifiable even if the risks were as high as you stated.
>   

You are correct that the situation you describe does not reasonably 
support completely rejecting the key.  That is the reason I expect that 
there is a problem serious enough that the key should be considered 
compromised.


-- Jacob


