- From: Stu@f729.n153.z1.ship.wimsey.bc.ca (Stu)
- Sender: UUCP@ship.wimsey.bc.ca
- Path: sparky!uunet!van-bc!ship!UUCP
- Newsgroups: sci.crypt
- Subject: Limits on the Use of Cryptography?
- Message-ID: <726201680.AA00090@ship.wimsey.bc.ca>
- Date: Mon, 04 Jan 1993 02:53:33 -0800
- Lines: 27
-
- JH> This raises an interesting question. If the government tosses me in
- JH> jail for refusing to relinquish my private key as required by law,
- JH> it will likely get access to my UNIX account and all the files
- JH> contained thereon. My private key is protected by a password, and PGP
- JH> demands it each time I attempt to use it. Just how secure is PGP's
- JH> encryption of secret keys?
-
- The security of PGP's key encryption algorithm is, as it should be, only as
- strong as its key. While an 8 byte alphanumeric password is hardly as secure
- as the 1024 bit key it protects, it would keep one busy for a little while
- trying to break it..
-
- Assuming an 8 letter password, and say about 70 choices for each letter ( 26
- uppercase, 26 lowercase - yes it's case sensitive - 10 for numbers + some
- punctuation etc ) hmm... 70^8 is... 5.765*10^14. So the spooks that are
- tailing you would have to try that many passwords. Judging from PGP's spew
- "Pass Phrase *looks* good." I'd guess there's some way of telling if the pass
- phrase works or not without actually having to uncipher the key and then say,
- see if it is the multiplicative inverse of the public key.
-
- (wow, all these numbers are getting me excited - let's see what else I can
- figure out..) Let's say you borrowed Mr. Diffie's million-key/sec DES
- cracker and modified it for these purposes.. it would take 5.765*10^8
- seconds, or about 18 years - that seems awfully secure for a simple
- password... if I boo boo'd, let me know..
-
-