[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security of PGP if Secret Key Available?



On Jun 3,  2:36, "Robert A. Hayden" wrote:
> However, I got to wondering about the security of PGP assuming somebody
> trying to read my PGPed stuff has my 1024-bit secret key.  ie, if I have
> it on my personal computer, and somebody gets my secret key, how much
> less robust has PGP just become, and what are appropriate and reasonable
> steps to take to protect this weakness?

If the secret key is available then an attacker knows the length
of p & q.  Admittedly this will not usually help matters much,
but I still feel that the lengths of p and q should be encrypted
with the passphrase - perhaps in PGP3.0? (Derek?)

Gary
--
pub  1024/C001D00D 1996/01/22  Gary Howland <[email protected]>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06