PGP: looking for advice on settings
Winfried Tilanus
pmmail@rpglink.com
Thu, 23 Mar 2000 08:52:17 +0100
On Wed, 22 Mar 2000 20:55:22 -0400 (AST), Trevor Smith wrote:
>Ah, good point. Still, since the private key isn't usable without
>your pass phrase, you should probably be safe even if someone were to
>steal your key. I should someone ask exactly how much resources it
>takes to "break" a private key without the pass phrase...
Depends on the length of the passfrase, but it takes generally *much
less* resources. In matter of facts, the private key is encrypted with
the passfrase as key. The shorter the passfrase is, the easier a brute
force attack becomes. Also, a passfrase that is made uot of real words
is much more vunarable. I don't know exactly at wat length of the
passfrase it becomes more easy to aim the attack at the public key and
not at the private key, but it will take a really long passfrase before
you are at that point.
I think it is the best not to consider yourself safe when your private
key is stolen.
Best wishes,
Winfried
http://web.inter.NL.net/users/Winfried/