From: Derek Atkins <warlord@MIT.EDU>
Date: Fri, 7 Jun 1996 11:55:21 +0800
To: "Mark M." <markm@voicenet.com>
Subject: Re: Security of PGP if Secret Key Available?
In-Reply-To: <Pine.LNX.3.93.960605161013.186C-100000@gak>
Message-ID: <199606061756.NAA16447@toxicwaste.media.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


> If the secret key is available then an attacker knows the length
> of p & q.  Admittedly this will not usually help matters much,
> but I still feel that the lengths of p and q should be encrypted
> with the passphrase - perhaps in PGP3.0? (Derek?)

PGPlib has an interface to encrypt the whole keyring, however that
probably isn't going to be fully implemented unless time permits.
This interface allows you to encrypt the WHOLE keyring in a
passphrase, which includes not only the secret components, but the
public components as well.  However I don't know if I'll have the time
to get to it.

Enjoy!

-derek