[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: how secure is secring.pgp?



-----BEGIN PGP SIGNED MESSAGE-----

> Since we need a passphrase to access our secret key, it is
> reasonable to think that our secring.pgp file is pretty secure, as
> long as our passphrase is notrivial.  What am I missing here?

The secret key on the secring.pgp is IDEA-encrypted... So, it is only
as strong as IDEA, and your passphrase.

To break the security, someone needs to be able to:
	1) Obtain your secret keyring.. This is either watching it
go over the net, reading the file system, borrowing your floppy, or
whatever, and
	2) Obtain your secret passphrase...

Only when both are accomplished can they get to your secret key,
although once they have accomplished #1, they can try to break the
IDEA algorithm...

- -derek

PGP 2 key available upon request on the key-server:
	[email protected]
- --
  Derek Atkins, MIT '93, Electrical Engineering and Computer Science
     Secretary, MIT Student Information Processing Board (SIPB)
           MIT Media Laboratory, Speech Research Group
           [email protected]       PP-ASEL        N1NWH

-----BEGIN PGP SIGNATURE-----
Version: 2.2

iQBuAgUBK8onIzh0K1zBsGrxAQHn0QLECpGbaKS3PpXdJTE0956AkeaYGuZGATJ3
Jgq7I/cEB5l2e3PPr31xdctywTi/+RBIKOJEVokPO9UMsu5KQvwngHta7NeYF8UB
qS3wPDH85ro60H4fFsg/s6E=
=4s7l
-----END PGP SIGNATURE-----