From: Gary Howland <gary@systemics.com>
To: “Mark M.” <markm@voicenet.com>
Message Hash: e813876b6281d5fa4cac86a4e70a0ce5e0a71a24b11bbb665d554a4d10652d9b
Message ID: <31B6C91D.28D95ABC@systemics.com>
Reply To: <Pine.LNX.3.93.960605161013.186C-100000@gak>
UTC Datetime: 1996-06-06 22:22:16 UTC
Raw Date: Fri, 7 Jun 1996 06:22:16 +0800
From: Gary Howland <gary@systemics.com>
Date: Fri, 7 Jun 1996 06:22:16 +0800
To: "Mark M." <markm@voicenet.com>
Subject: Re: Security of PGP if Secret Key Available?
In-Reply-To: <Pine.LNX.3.93.960605161013.186C-100000@gak>
Message-ID: <31B6C91D.28D95ABC@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain
Mark M. wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> On Wed, 5 Jun 1996, Gary Howland wrote:
>
> > On Jun 3, 2:36, "Robert A. Hayden" wrote:
> > > However, I got to wondering about the security of PGP assuming somebody
> > > trying to read my PGPed stuff has my 1024-bit secret key. ie, if I have
> > > it on my personal computer, and somebody gets my secret key, how much
> > > less robust has PGP just become, and what are appropriate and reasonable
> > > steps to take to protect this weakness?
> >
> > If the secret key is available then an attacker knows the length
> > of p & q. Admittedly this will not usually help matters much,
> > but I still feel that the lengths of p and q should be encrypted
> > with the passphrase - perhaps in PGP3.0? (Derek?)
>
> I don't see how knowing the exact lengths of p and q will help matters much.
That's what I said. There are however a few cases where it may help.
Two that spring to mind are the brute force factoring of the
BlackNet key - this may have been faster if half of the potential
factors could have been ignored due to wrong key lengths (although I
suspect this depends upon the factoring algorithm), and the other
is that of identifying low quality keys with a small factor (perhaps
generated by low quality software).
> I don't think it will speed up the factoring time
Again, I would say this depends upon the factoring algorithm.
Gary
--
pub 1024/C001D00D 1996/01/22 Gary Howland <gary@systemics.com>
Key fingerprint = 0C FB 60 61 4D 3B 24 7D 1C 89 1D BE 1F EE 09 06
Return to June 1996
Return to ““Mark M.” <markm@voicenet.com>”