1996-06-05 - Re: Security of PGP if Secret Key Available?

Header Data

From: Gary Howland <gary@systemics.com>
To: cypherpunks@toad.com
Message Hash: aa1c058628ae76d78a49f962c0efaed2ac24e24aa90b29193b2f426088b76b1a
Message ID: <199606051033.MAA14983@internal-mail.systemics.com>
Reply To: N/A
UTC Datetime: 1996-06-05 14:20:25 UTC
Raw Date: Wed, 5 Jun 1996 22:20:25 +0800

Raw message

From: Gary Howland <gary@systemics.com>
Date: Wed, 5 Jun 1996 22:20:25 +0800
To: cypherpunks@toad.com
Subject: Re: Security of PGP if Secret Key Available?
Message-ID: <199606051033.MAA14983@internal-mail.systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


On Jun 3,  2:36, "Robert A. Hayden" wrote:
> However, I got to wondering about the security of PGP assuming somebody
> trying to read my PGPed stuff has my 1024-bit secret key.  ie, if I have
> it on my personal computer, and somebody gets my secret key, how much
> less robust has PGP just become, and what are appropriate and reasonable
> steps to take to protect this weakness?

If the secret key is available then an attacker knows the length
of p & q.  Admittedly this will not usually help matters much,
but I still feel that the lengths of p and q should be encrypted
with the passphrase - perhaps in PGP3.0? (Derek?)

Gary
--
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06 





Thread