-----BEGIN PGP SIGNED MESSAGE-----
At 04:39 AM 3/9/90 +0000, you wrote:
>My current ISP provides pgp to its users from their shell accounts.
I am
>curious to know how secure this is in fact. From what i've read it's
>damned near impossible to crack pgp without access to the secret key
>generated at startup (i think... feel free to correct me), but if
you
>generate a key in shell (at the isp), they will have axs to both
your
>public and secret keys. With access to both of these how easy would
it be
>then to mount an attack against a document/file/program encrypted
with
>that specific key? I'm interested in any figures anyone has
regarding such
>the feasibility/time involved in such an attempt.
I'm sure that your ISP could access your files, if your private key
is stored on their server, and if they sniff your keystrokes for your
passphrase....
>Many of you will simply say do not use it from the isp, and i agree
with
>you. However i'm really more interested in how easy pgp can be
cracked
>(if at all) with just the public key, as compared to both public and
>private.
If someone has your Public and private key they would need to figure
out your passphrase (so make it a real good one). If they just have
your Public key, and if your key is of sufficient length, then it's
infeasable that it will be broken. There's no documentation of anyone
breaking PGP except by brute force. So a long key would negate that.
<Shameless Plug Below>
Check out http://www.frii.com/~rcv/deschall.htm and
http://www.research.megasoft.com/deschall/what.htm
This will give you info on how we cracked 64 bit DES and how longer
keys are needed.
>I ask the stupid question about whether pgp can be cracked with
access to
>the public key alone because a contact of mine spoke to a leading
>cryptologist (Dr. Vlad Rosgova) who pointed out that all code can be
>broken. Is it then feasible that pgp could be cracked given the
public key
>alone (i don't care about the billions of years required just
whether it's
>possible), or whether it is essential to have the secret key?
The Public key does not cause any weaknesses in the encryption, brute
force would take the same time with or without your Public Key
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv
iQEVAwUBM8kxLMeWPtttGqZhAQHC0wf8D52DtbdXKGOAmMocs5PlOdQthfg0DXyy
r2pbNbnld3SSegMhBQzJuxVvYSctP1t5zVA/o7ycZNQYGCNxwD32ws2T30QQ14Zf
fIhxPeFvTyd1bVhQloZnxPPODJWPyRUqH/1CiuUjfXGvMAq9j4FezRjPbin81feq
97MCIDHkfvwi3T+1eGLxV0lYIjGXWguN2o6S1VgfXEFjGGJWEq6XldLaUfXwmMtz
rugirFO31bofnfQ7O0Cf4MlysRWgrYu/rYasiN90ZghJx+fW2JWX2VR69uIS/RUp
0j7mOBgcliuK3Q6Jg5vzZ2ptijMcJxUkWGu62rGFmqo97odk8dC8+w==
=kElN
-----END PGP SIGNATURE-----
Clyde Williamson
PGP Public Key found at
http://users1.ee.net/clydew/pgp.htm
We cracked DES!!! http://www.frii.com/~rcv/deschall.htm
Member of "The Interhack Posse!! <dclydew @
interhack .
net>
Follow-Ups:
|
|
