Security Basics mailing list archives
RE: Crypto Question
From: Kenneth Buchanan <K.Buchanan () Kastenchase com>
Date: Fri, 7 Nov 2003 15:16:19 -0500
It's not universally true that larger keys provide more security. For instance, a 1024-bit RSA key is quite safe from brute force attacks from pretty much anybody in the world. If someone wants to defeat it then they will focus on other avenues such as stealing your private key or accessing the message after you decrypted it. Once the key size is great enough to make it infeasible for an attacker to break it, then making it any larger is pointless.

A better answer to Lachlan's question, as I'm sure others will point out, is that your passphrase strength matters if an attacker can get access to the wrapped private key (I'm assuming that we're talking about a public-key system here, like PGP). But keep in mind that very very few people use passphrases that are truly difficult to brute force, and indeed, most people are not capable of remembering high-entropy passphrases without writing them down.

-----Original Message-----
From: Ted Rolle [mailto:ted () php net]
Sent: Friday, November 07, 2003 12:36 PM
To: McGill, Lachlan
Cc: security-basics () securityfocus com
Subject: Re: Crypto Question

I reread your question: key size does matter because the bad guy has to deal with a larger keyspace with the longer keys.

On Fri, 7 Nov 2003, McGill, Lachlan wrote:
Am I right in assuming that an encrypted file/email is only as secure as the passphrase used for the private key? i.e. if I use the passphrase 'password' then does it become irrelevant what key size I use to encrypt the data?
If someone can please briefly explain this to me I would be much appreciative.
Thanks.
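
Added example, not part of the original thread: a small Python sketch of the point made above about the wrapped private key. It assumes a toy wrapping scheme (PBKDF2-HMAC-SHA256 plus a SHA-256 counter keystream and an HMAC tag, not PGP's actual format), random bytes standing in for private keys, and a constructed five-entry list of weak passphrases; all function and variable names are hypothetical.

```python
import hashlib, hmac, secrets

ITERATIONS = 10_000  # assumed KDF cost for this sketch; real tools choose their own

def _keystream(key: bytes, n: int) -> bytes:
    # Toy SHA-256 counter-mode stream, a stand-in for a real cipher.
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:n]

def _derive(passphrase: str, salt: bytes) -> bytes:
    # 64 bytes: first half encrypts, second half authenticates.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS, dklen=64)

def wrap(private_key: bytes, passphrase: str) -> dict:
    salt = secrets.token_bytes(16)
    k = _derive(passphrase, salt)
    ct = bytes(a ^ b for a, b in zip(private_key, _keystream(k[:32], len(private_key))))
    return {"salt": salt, "ct": ct, "tag": hmac.new(k[32:], ct, hashlib.sha256).digest()}

def unwrap(blob: dict, passphrase: str):
    k = _derive(passphrase, blob["salt"])
    tag = hmac.new(k[32:], blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, blob["tag"]):
        return None  # wrong passphrase
    return bytes(a ^ b for a, b in zip(blob["ct"], _keystream(k[:32], len(blob["ct"]))))

def guesses_needed(blob: dict, candidates: list):
    # How many candidate passphrases are tried before the blob unwraps (None = never).
    for i, guess in enumerate(candidates, 1):
        if unwrap(blob, guess) is not None:
            return i
    return None

# Constructed sample data: random bytes standing in for private keys of two sizes.
WEAK_LIST = ["123456", "letmein", "qwerty", "password", "dragon"]
KEY_1024 = secrets.token_bytes(128)
KEY_4096 = secrets.token_bytes(512)

if __name__ == "__main__":
    for name, key in (("1024-bit", KEY_1024), ("4096-bit", KEY_4096)):
        print(name, "key, passphrase 'password':", guesses_needed(wrap(key, "password"), WEAK_LIST))
    strong = secrets.token_urlsafe(16)  # 16 random bytes, about 128 bits
    print("4096-bit key, random passphrase:", guesses_needed(wrap(KEY_4096, strong), WEAK_LIST))
```

Both key sizes unwrap on the same guess when the passphrase is 'password', while the randomly generated passphrase is not found in the list at all; the size of the wrapped key never enters into the cost of the search.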