Security Basics mailing list archives
Re: Crypto Question
From: Tomas Wolf <tomas () skip cz>
Date: Sun, 09 Nov 2003 23:05:35 -0700
It depends on what encryption algorythm is being talk about?The term "Passphrase" is used in PGP... In this case it is not used to encrypt anything, it is to "protect" your PRIvate key. So if it is known - passphrase should keep the capturers from en/de-crypting using your private key. Therefore if the passphrase is "password" or "abc", than it is of no use anyway. Passphrase allows blanks so one can put there a whole sentece(s) (that is why it is a "passphrase" not a "password").
And when a key is needed to encrypt... I believe that it matters from several points of view: in some stream ciphers there is a great problem with repetition... If the key size is small, repetition comes... in block ciphers if the key is short, then it is easier to bruteforce it. So if I know the plaintext, have the ciphertext and know the algorythm that produced such output... One can run bruteforce on that and if the key is five LETTERS (from which are pseudorandom sequences computed), then one is looking at 26^5 differences.
I have heard a story (not sure if it is true) about DES. That when it was used with a shorter key (don't remember exact size), there was sort of a competition who will break it... And when there was a computing power to crack it in a week, the message was something like: "It is time to move to a bigger key".
Anyway... Hope taht explains at least some of it. Tomas McGill, Lachlan wrote:
Am I right in assuming that an encrypted file/email is only as secure as the passphrase used for the private key? i.e. If i use the passphrase 'password' then does it become irrelevant what key size I use to encrypt the data? If someone can please briefly explain this to me I would be much appreciative. Thanks. --------------------------------------------------------------------------- Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCEThe Presidio integrates PGP data encryption and XML Web Services security to simplify the management and deployment of PGP and reduce overall PGP costs by up to 80%. FREE WHITEPAPER & 30 Day Trial - http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027 ----------------------------------------------------------------------------
--------------------------------------------------------------------------- Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCEThe Presidio integrates PGP data encryption and XML Web Services security to simplify the management and deployment of PGP and reduce overall PGP costs by up to 80%. FREE WHITEPAPER & 30 Day Trial - http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027 ----------------------------------------------------------------------------
Current thread:
- Crypto Question McGill, Lachlan (Nov 07)
- Re: Crypto Question Ted Rolle (Nov 07)
- Re: Crypto Question Ted Rolle (Nov 07)
- Re: Crypto Question John Borwick (Nov 07)
- Re: Crypto Question Francisco Andrades (Nov 07)
- Re: Crypto Question Francisco Andrades (Nov 07)
- Re: Crypto Question Wu Fei Liang (Nov 07)
- Re: Crypto Question Adam Newhard (Nov 07)
- Re: Crypto Question Tomas Wolf (Nov 10)
- Re: Crypto Question Philip Duldig (Nov 11)
- Re: Crypto Question Mitchell Rowton (Nov 17)
- Re: Crypto Question Florian Streck (Nov 17)
- <Possible follow-ups>
- RE: Crypto Question Hagen, Eric (Nov 07)
- RE: Crypto Question Hagen, Eric (Nov 07)
- Re: Crypto Question N407ER (Nov 17)
- RE: Crypto Question Kenneth Buchanan (Nov 07)
- Re[2]: Crypto Question Vishal (Nov 17)
- Re: Crypto Question Chris Berry (Nov 17)