1996-06-21 - Re: Safemail

Header Data

From: “Deranged Mutant” <WlkngOwl@unix.asb.com>
To: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Message Hash: 9ef8723da3ddee3c6972c77f8e502232611aab05cfdfe1e951938aeef5cbaf38
Message ID: <199606210343.XAA10443@unix.asb.com>
Reply To: N/A
UTC Datetime: 1996-06-21 08:36:10 UTC
Raw Date: Fri, 21 Jun 1996 16:36:10 +0800

Raw message

From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Fri, 21 Jun 1996 16:36:10 +0800
To: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Subject: Re: Safemail
Message-ID: <199606210343.XAA10443@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 20 Jun 96 at 12:28, Andrew Loewenstern wrote:
[..]
> There are other, more serious, drawbacks to such a scheme though.  You can't  
> change your passphrase without changing your public key.  People can try to  
> guess your passphrase with only your public key.  Crack can guess people's  
> account passwords something like 24% of the time.  I doubt the average joe  
> would use much better passphrases for their secret key.  That's a scary  
> thought!!  At least with PGP someone has to get a copy of the encrypted  
> secret key first.

You could require *very good* passphrases.

Rather than changing a passphrase, revoke the key. Perhaps expire 
keys after a certain period of time.

Longer lasting keys (such as a digital timestamp service) would save 
private keys with a protected password instead.

 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.
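
The drawbacks raised in the quoted text, as an added example that is not part of the original message or of Safemail: when the private key is computed from the passphrase alone, the public key changes with the passphrase and doubles as an offline check for passphrase guesses, whereas a randomly generated key does neither. The group parameters, the PBKDF2 step, the fixed salt and all function names are assumptions for illustration; the thread does not describe Safemail's actual construction.

```python
import hashlib
import secrets

# Toy discrete-log parameters (assumption, chosen only so the example runs
# with the standard library; not a recommendation and not Safemail's values).
P = 2**255 - 19
G = 2
# A passphrase-derived key has nowhere to keep a secret salt, so any salt
# must be fixed or public. This constant stands in for that.
PUBLIC_SALT = b"demo-fixed-salt"


def derive_keypair(passphrase, iterations=10_000):
    """Deterministic keypair: the private scalar depends only on the passphrase."""
    seed = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), PUBLIC_SALT, iterations)
    priv = int.from_bytes(seed, "big") % (P - 1)
    return priv, pow(G, priv, P)


def random_keypair():
    """PGP-style keypair: random private scalar; a passphrase would only
    encrypt the stored secret key and never influences the public key."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def audit_public_key(public, wordlist, iterations=10_000):
    """Self-audit: return the wordlist entry that regenerates `public`, else None.
    Needs nothing but the public key, which is the weakness being discussed."""
    for candidate in wordlist:
        if derive_keypair(candidate, iterations)[1] == public:
            return candidate
    return None


if __name__ == "__main__":
    wordlist = ["password", "letmein", "correct horse"]  # constructed sample
    _, weak_pub = derive_keypair("letmein")
    _, new_pub = derive_keypair("letmein2")      # "changing the passphrase"
    _, rand_pub = random_keypair()
    print("passphrase change alters public key:", weak_pub != new_pub)
    print("derived key found in wordlist:", audit_public_key(weak_pub, wordlist))
    print("random key found in wordlist:", audit_public_key(rand_pub, wordlist))
```

Raising the iteration count slows each guess but does not remove the check, which is why the reply above turns to very good passphrases, revocation and key expiry.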
