[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security of PGP if Secret Key Available?

To: "Mark M." <[email protected]>
Subject: Re: Security of PGP if Secret Key Available?
From: Derek Atkins <[email protected]>
Date: Thu, 06 Jun 1996 13:56:47 EDT
cc: [email protected]
In-reply-to: Your message of "Wed, 05 Jun 1996 16:11:13 EDT." <Pine.LNX.3.93.960605161013.186C-100000@gak>
Sender: [email protected]

> If the secret key is available then an attacker knows the length
> of p & q.  Admittedly this will not usually help matters much,
> but I still feel that the lengths of p and q should be encrypted
> with the passphrase - perhaps in PGP3.0? (Derek?)

PGPlib has an interface to encrypt the whole keyring, however that
probably isn't going to be fully implemented unless time permits.
This interface allows you to encrypt the WHOLE keyring in a
passphrase, which includes not only the secret components, but the
public components as well.  However I don't know if I'll have the time
to get to it.

Enjoy!

-derek

Follow-Ups:
- Re: Security of PGP if Secret Key Available?
  - From: Adam Shostack <[email protected]>

References:
- Re: Security of PGP if Secret Key Available?
  - From: "Mark M." <[email protected]>

Prev by Date: InfoSec Spin
Next by Date: Re: whitehouse web incident, viva la web revolution
Prev by thread: Re: Security of PGP if Secret Key Available?
Next by thread: Re: Security of PGP if Secret Key Available?
Index(es):
- Date
- Thread