From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 21 Feb 1997 23:48:08 -0800 (PST)
To: camcc@abraxis.com (Alec)
Subject: Re: IDEA/Strength?
In-Reply-To: <3.0.1.32.19970221162111.006a8310@smtp1.abraxis.com>
Message-ID: <3.0.1.32.19970221234738.005c05c8@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:21 PM 2/21/97 -0500, Alec wrote:
>Is the strength, or lack thereof, of conventional PGP encryption
>proportional to the length of the conventional password?

Sure, up to 128 bits of entropy.  Go check out pgpcrack.  

Suppose you wanted to do a brute-force attack on a PGP conventionally
encrypted document, and you knew the passphrase was one character long.
What would you do?  How many tries would it take to be sure you
got the right passphrase?

Suppose you knew the passphrase was one word in a common on-line dictionary.
What would you do, and how many tries would it take?

Since the passphrase is MD5-hashed to a 128-bit-long key, there are only
2**128 really-different passphrases, though for any given passphrase,
most of the members of the infinitely large class of equivalent passphrases
won't be very easy to remember :-)  Since MD5 is cryptographically strong,
we used to assume it would be hard to find those equivalence classes,
though Dobbertin's work suggests it's not as hard to find collisions as we
used to assume.


#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp
#     (If this is a mailing list, please Cc: me on replies.  Thanks.)