From: Bill Stewart <stewarts@ix.netcom.com>
To: camcc@abraxis.com (Alec)
Message Hash: 0054300511ff13705bec4ca9182bcfcaa38e6319725a3d7522cf0cdf27647960
Message ID: <3.0.1.32.19970221234738.005c05c8@popd.ix.netcom.com>
Reply To: <3.0.1.32.19970221162111.006a8310@smtp1.abraxis.com>
UTC Datetime: 1997-02-22 07:48:08 UTC
Raw Date: Fri, 21 Feb 1997 23:48:08 -0800 (PST)
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 21 Feb 1997 23:48:08 -0800 (PST)
To: camcc@abraxis.com (Alec)
Subject: Re: IDEA/Strength?
In-Reply-To: <3.0.1.32.19970221162111.006a8310@smtp1.abraxis.com>
Message-ID: <3.0.1.32.19970221234738.005c05c8@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain
At 04:21 PM 2/21/97 -0500, Alec wrote:
>Is the strength, or lack thereof, of conventional PGP encryption
>proportional to the length of the conventional password?
Sure, up to 128 bits of entropy. Go check out pgpcrack.
Suppose you wanted to do a brute-force attack on a PGP conventionally
encrypted document, and you knew the passphrase was one character long.
What would you do? How many tries would it take to be sure you
got the right passphrase?
Suppose you knew the passphrase was one word in a common on-line dictionary.
What would you do, and how many tries would it take?
Since the passphrase is MD5-hashed to a 128-bit-long key, there are only
2**128 really-different passphrases, though for any given passphrase,
most of the members of the infinitely large class of equivalent passphrases
won't be very easy to remember :-) Since MD5 is cryptographically strong,
we used to assume it would be hard to find those equivalence classes,
though Dobbertin's work suggests it's not as hard to find collisions as we
used to assume.
# Thanks; Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp
# (If this is a mailing list, please Cc: me on replies. Thanks.)
Return to February 1997
Return to “camcc@abraxis.com (Alec)”