From: Derek Atkins <warlord@MIT.EDU>
To: “Mark M.” <markm@voicenet.com>
Message Hash: d23dbb453205949a3aa43fb648bcc3e652c79e1263e5986a89dc4128eca06724
Message ID: <199606061756.NAA16447@toxicwaste.media.mit.edu>
Reply To: <Pine.LNX.3.93.960605161013.186C-100000@gak>
UTC Datetime: 1996-06-07 03:55:21 UTC
Raw Date: Fri, 7 Jun 1996 11:55:21 +0800
From: Derek Atkins <warlord@MIT.EDU>
Date: Fri, 7 Jun 1996 11:55:21 +0800
To: "Mark M." <markm@voicenet.com>
Subject: Re: Security of PGP if Secret Key Available?
In-Reply-To: <Pine.LNX.3.93.960605161013.186C-100000@gak>
Message-ID: <199606061756.NAA16447@toxicwaste.media.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain
> If the secret key is available then an attacker knows the length
> of p & q. Admittedly this will not usually help matters much,
> but I still feel that the lengths of p and q should be encrypted
> with the passphrase - perhaps in PGP3.0? (Derek?)
PGPlib has an interface to encrypt the whole keyring, however that
probably isn't going to be fully implemented unless time permits.
This interface allows you to encrypt the WHOLE keyring in a
passphrase, which includes not only the secret components, but the
public components as well. However I don't know if I'll have the time
to get to it.
Enjoy!
-derek
Return to June 1996
Return to ““Mark M.” <markm@voicenet.com>”