Security Basics mailing list archives
Re: Crypto Question
From: "Chris Berry" <compjma () hotmail com>
Date: Mon, 17 Nov 2003 14:46:54 -0800
From: Mitchell Rowton <mitchell () attackprevention com>Maybe the same question from a different angle. If I make a private key with "password" as the password and you do the same... Our private keys still cant decrypt each others messages. So while im confident that it is somehow bad to have simple passwords, i dont know why. Can anyone explain this better?
Simple, becuase if someone were to gain possession of or access to your private key, they could brute force the password rather quickly and then start impersonating you. The password is there to prevent someone from using your private key even if they have possession of it.
Chris Berry compjma () hotmail com Systems Administrator JM Associates"Ok, so the servers are down, the lights are out, and all I have to work with is a roll of duct tape, a ball point pen, a lighter, and a twenty year old copy of emacs. Where's the problem?"
_________________________________________________________________MSN Shopping upgraded for the holidays! Snappier product search... http://shopping.msn.com
--------------------------------------------------------------------------- Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCEThe Presidio integrates PGP data encryption and XML Web Services security to simplify the management and deployment of PGP and reduce overall PGP costs by up to 80%. FREE WHITEPAPER & 30 Day Trial - http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027 ----------------------------------------------------------------------------
Current thread:
- Re: Crypto Question, (continued)
- Re: Crypto Question Adam Newhard (Nov 07)
- Re: Crypto Question Tomas Wolf (Nov 10)
- Re: Crypto Question Philip Duldig (Nov 11)
- Re: Crypto Question Mitchell Rowton (Nov 17)
- Re: Crypto Question Florian Streck (Nov 17)
- RE: Crypto Question Hagen, Eric (Nov 07)
- RE: Crypto Question Hagen, Eric (Nov 07)
- Re: Crypto Question N407ER (Nov 17)
- RE: Crypto Question Kenneth Buchanan (Nov 07)
- Re[2]: Crypto Question Vishal (Nov 17)
- Re: Crypto Question Chris Berry (Nov 17)