From: Gary Howland <gary@systemics.com>
Date: Fri, 7 Jun 1996 06:22:16 +0800
To: "Mark M." <markm@voicenet.com>
Subject: Re: Security of PGP if Secret Key Available?
In-Reply-To: <Pine.LNX.3.93.960605161013.186C-100000@gak>
Message-ID: <31B6C91D.28D95ABC@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


Mark M. wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> On Wed, 5 Jun 1996, Gary Howland wrote:
> 
> > On Jun 3,  2:36, "Robert A. Hayden" wrote:
> > > However, I got to wondering about the security of PGP assuming somebody
> > > trying to read my PGPed stuff has my 1024-bit secret key.  ie, if I have
> > > it on my personal computer, and somebody gets my secret key, how much
> > > less robust has PGP just become, and what are appropriate and reasonable
> > > steps to take to protect this weakness?
> >
> > If the secret key is available then an attacker knows the length
> > of p & q.  Admittedly this will not usually help matters much,
> > but I still feel that the lengths of p and q should be encrypted
> > with the passphrase - perhaps in PGP3.0? (Derek?)
> 
> I don't see how knowing the exact lengths of p and q will help matters much.

That's what I said.  There are however a few cases where it may help.
Two that spring to mind are the brute force factoring of the
BlackNet key - this may have been faster if half of the potential
factors could have been ignored due to wrong key lengths (although I
suspect this depends upon the factoring algorithm), and the other
is that of identifying low quality keys with a small factor (perhaps
generated by low quality software).

> I don't think it will speed up the factoring time

Again, I would say this depends upon the factoring algorithm.

Gary
--
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06