Security Basics mailing list archives

RE: Crypto Question

From: Kenneth Buchanan <K.Buchanan () Kastenchase com>
Date: Fri, 7 Nov 2003 15:16:19 -0500


It's not universally true that larger keys provide more security.  For
instance, a 1024-bit RSA key is quite safe from brute force attacks from
pretty much anybody in the world.  If someone wants to defeat it then they
will focus on other avenues such as stealing your private key or accessing
the message after you decrypted it.  Once the key size is great enough to
make it infeasible for an attacker to break it, then making it any larger is
pointless.

A better answer to Lachlan's question, as I'm sure others will point out, is
that your passphrase strength matters if an attacker can get access to the
wrapped private key (I'm assuming that we're talking about a public-key
system here, like PGP).  But keep in mind that very very few people use
passphrases that are truly difficult to brute force, and indeed, most people
are not capable of remembering high-entropy passphrases without writing them
down.


-----Original Message-----
From: Ted Rolle [mailto:ted () php net]
Sent: Friday, November 07, 2003 12:36 PM
To: McGill, Lachlan
Cc: security-basics () securityfocus com
Subject: Re: Crypto Question


I reread your question: key size does matter because the bad guy has to
deal with a larger keyspace with the longer keys.

On Fri, 7 Nov 2003, McGill, Lachlan wrote:

Am I right in assuming that an encrypted file/email is only as secure as

the passphrase used for the private key? i.e. If i use the passphrase
'password' then does it become irrelevant what key size I use to encrypt the
data?


If someone can please briefly explain this to me I would be much

appreciative.


Thanks.


---------------------------------------------------------------------------
Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE
The Presidio integrates PGP data encryption and XML Web Services security to 
simplify the management and deployment of PGP and reduce overall PGP costs 
by up to 80%.
FREE WHITEPAPER & 30 Day Trial - 
http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027 
----------------------------------------------------------------------------

Current thread:

Re: Crypto Question, (continued)
- Re: Crypto Question Francisco Andrades (Nov 07)
- Re: Crypto Question Wu Fei Liang (Nov 07)
- Re: Crypto Question Adam Newhard (Nov 07)
- Re: Crypto Question Tomas Wolf (Nov 10)
  - Re: Crypto Question Philip Duldig (Nov 11)
- Re: Crypto Question Mitchell Rowton (Nov 17)
  - Re: Crypto Question Florian Streck (Nov 17)
- RE: Crypto Question Hagen, Eric (Nov 07)
- RE: Crypto Question Hagen, Eric (Nov 07)
  - Re: Crypto Question N407ER (Nov 17)
- RE: Crypto Question Kenneth Buchanan (Nov 07)
- Re[2]: Crypto Question Vishal (Nov 17)
- Re: Crypto Question Chris Berry (Nov 17)