Security Basics mailing list archives
Re: Crypto Question
From: Florian Streck <streck () papafloh de>
Date: Mon, 17 Nov 2003 18:08:32 +0100
On Fri, Nov 14, 2003 at 07:51:04PM -0500, Mitchell Rowton wrote:
McGill, Lachlan wrote:Am I right in assuming that an encrypted file/email is only as secure as the passphrase used for the private key? i.e. If i use the passphrase 'password' then does it become irrelevant what key size I use to encrypt the data? If someone can please briefly explain this to me I would be much appreciative.
Not quite. The Passphrase secures your private key so that the admin of your system who might be able to get your private key is still unable to use it. The problem with weak passwords in this scenario is that he might try a brute force attack. If he can get the password he can decryt your files/mails and sign as you.
Maybe the same question from a different angle. If I make a private key with "password" as the password and you do the same... Our private keys still cant decrypt each others messages. So while im confident that it is somehow bad to have simple passwords, i dont know why. Can anyone explain this better?
Florian Streck -- The primary cause of failure in electrical appliances is an expired warranty. Often, you can get an appliance running again simply by changing the warranty expiration date with a 15/64-inch felt-tipped marker. -- Dave Barry, "The Taming of the Screw"
Attachment:
_bin
Description:
Current thread:
- Re: Crypto Question, (continued)
- Re: Crypto Question Ted Rolle (Nov 07)
- Re: Crypto Question Ted Rolle (Nov 07)
- Re: Crypto Question John Borwick (Nov 07)
- Re: Crypto Question Francisco Andrades (Nov 07)
- Re: Crypto Question Francisco Andrades (Nov 07)
- Re: Crypto Question Wu Fei Liang (Nov 07)
- Re: Crypto Question Adam Newhard (Nov 07)
- Re: Crypto Question Tomas Wolf (Nov 10)
- Re: Crypto Question Philip Duldig (Nov 11)
- Re: Crypto Question Mitchell Rowton (Nov 17)
- Re: Crypto Question Florian Streck (Nov 17)
- RE: Crypto Question Hagen, Eric (Nov 07)
- RE: Crypto Question Hagen, Eric (Nov 07)
- Re: Crypto Question N407ER (Nov 17)
- RE: Crypto Question Kenneth Buchanan (Nov 07)
- Re[2]: Crypto Question Vishal (Nov 17)
- Re: Crypto Question Chris Berry (Nov 17)