Security Basics mailing list archives

RE: Crypto Question


From: "Hagen, Eric" <ehagen () DenverNewspaperAgency com>
Date: Fri, 7 Nov 2003 11:42:40 -0700

In an asymmetric cypher (e.g. PGP) you can take steps to protect your
private key (such as keeping it encrypted in a "conventional" encrypted
archive or hidden somewhere).  That can mitigate the risk of having a weak
passphrase, but it's no reliable substitute.  If your data is in jeopardy,
destroying the private key makes the archive inaccessible except through
brute-force cypher cracking methods.

But, generally, yes.  Dictionary attacks on the passphrase are one of the
only reasonable recourses for someone trying to hack a high-security modern
encryption protocol.

Eric Hagen

-----Original Message-----
From: McGill, Lachlan [mailto:mcgilll1 () anz com]
Sent: Thursday, November 06, 2003 3:21 PM
To: security-basics () securityfocus com
Subject: Crypto Question


Am I right in assuming that an encrypted file/email is only as secure as the
passphrase used for the private key? i.e. If I use the passphrase 'password'
then does it become irrelevant what key size I use to encrypt the data?

If someone can please briefly explain this to me I would be much
appreciative.

Thanks.
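
The point discussed in this thread, as an added example (not part of the original messages and not PGP's own key format): for someone holding the stored key file, a private key kept under a passphrase unlocks after the same number of guesses whatever its size. The names `wrap_key`, `unwrap_key` and `audit_passphrase`, the PBKDF2 iteration count and the SHAKE-256 keystream (a toy stand-in for a real symmetric cipher) are assumptions, and the keys are constructed random bytes.

```python
import hashlib, hmac, os, secrets

ITERATIONS = 20_000  # assumed KDF cost, kept low so the demo runs quickly

def _derive(passphrase: str, salt: bytes, length: int):
    """Passphrase -> (MAC key, keystream). SHAKE-256 is a toy stand-in cipher."""
    okm = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS, dklen=64)
    return okm[:32], hashlib.shake_256(okm[32:]).digest(length)

def wrap_key(private_key: bytes, passphrase: str) -> dict:
    """Store a private key encrypted and authenticated under a passphrase."""
    salt = os.urandom(16)
    mac_key, stream = _derive(passphrase, salt, len(private_key))
    ct = bytes(a ^ b for a, b in zip(private_key, stream))
    return {"salt": salt, "ct": ct, "tag": hmac.new(mac_key, ct, "sha256").digest()}

def unwrap_key(blob: dict, passphrase: str):
    """Return the private key, or None if the passphrase is wrong."""
    mac_key, stream = _derive(passphrase, blob["salt"], len(blob["ct"]))
    tag = hmac.new(mac_key, blob["ct"], "sha256").digest()
    if not hmac.compare_digest(tag, blob["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(blob["ct"], stream))

def audit_passphrase(blob: dict, wordlist):
    """Return how many wordlist guesses it takes to unlock the blob, or None."""
    for n, guess in enumerate(wordlist, 1):
        if unwrap_key(blob, guess) is not None:
            return n
    return None

# Constructed sample data: a tiny wordlist and random bytes standing in for keys.
COMMON = ["123456", "letmein", "qwerty", "password", "secret"]
key_1024 = os.urandom(128)  # same length as a 1024-bit key
key_4096 = os.urandom(512)  # same length as a 4096-bit key

if __name__ == "__main__":
    for label, key in (("1024-bit", key_1024), ("4096-bit", key_4096)):
        weak = wrap_key(key, "password")
        strong = wrap_key(key, secrets.token_urlsafe(16))
        print(label, "weak passphrase: guesses needed =", audit_passphrase(weak, COMMON))
        print(label, "random passphrase: guesses needed =", audit_passphrase(strong, COMMON))
```

Running the same audit against your own keyring's passphrases with a real wordlist shows whether the key size you chose is actually the limiting factor.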



