Security Basics mailing list archives

Re: Crypto Question


From: Florian Streck <streck () papafloh de>
Date: Mon, 17 Nov 2003 18:08:32 +0100

On Fri, Nov 14, 2003 at 07:51:04PM -0500, Mitchell Rowton wrote:
McGill, Lachlan wrote:

Am I right in assuming that an encrypted file/email is only as secure as 
the passphrase used for the private key? i.e. If I use the passphrase 
'password' then does it become irrelevant what key size I use to encrypt 
the data?

If someone can please briefly explain this to me I would be much 
appreciative.

Not quite. The passphrase secures your private key so that the admin of
your system who might be able to get your private key is still unable to
use it. The problem with weak passwords in this scenario is that he
might try a brute force attack. If he can get the password he can decrypt
your files/mails and sign as you.

Maybe the same question from a different angle.  If I make a private key 
with "password" as the password and you do the same...  Our private keys 
still can't decrypt each other's messages.  So while I'm confident that it 
is somehow bad to have simple passwords, I don't know why.  Can anyone 
explain this better?

Florian Streck


-- 
The primary cause of failure in electrical appliances is an expired
warranty.  Often, you can get an appliance running again simply by changing
the warranty expiration date with a 15/64-inch felt-tipped marker.
                -- Dave Barry, "The Taming of the Screw"
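
The two layers discussed in this thread, as an added example that is not part of the original messages: messages are protected by the private key itself, while the passphrase only protects the stored key file, so its strength matters to whoever can read that file. Assumptions: random 32-byte values stand in for real private keys, PBKDF2 with an assumed iteration count derives the wrapping key, and an HMAC-SHA256 keystream is a stand-in cipher used only to keep the example standard-library-only.

```python
import hashlib, hmac, os
from typing import Optional

ITERATIONS = 200_000  # assumed PBKDF2 cost; each passphrase guess pays this price

def _keystream(key: bytes, n: int) -> bytes:
    # Stand-in stream cipher (HMAC-SHA256 in counter mode), illustration only.
    blocks = (hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def _derive(passphrase: str, salt: bytes):
    km = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS, dklen=64)
    return km[:32], km[32:]  # (encryption key, MAC key)

def _xor(data: bytes, key: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))

def wrap_key(private_key: bytes, passphrase: str) -> bytes:
    """Protect key material at rest: salt || ciphertext || tag."""
    salt = os.urandom(16)
    enc_key, mac_key = _derive(passphrase, salt)
    ct = _xor(private_key, enc_key)
    return salt + ct + hmac.new(mac_key, salt + ct, hashlib.sha256).digest()

def unwrap_key(blob: bytes, passphrase: str) -> Optional[bytes]:
    """Return the key material, or None if the passphrase is wrong."""
    salt, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    enc_key, mac_key = _derive(passphrase, salt)
    expected = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    return _xor(ct, enc_key) if hmac.compare_digest(tag, expected) else None

def demo() -> dict:
    # Constructed sample: two users, random stand-ins for private keys,
    # both choosing the passphrase "password".
    alice_key, bob_key = os.urandom(32), os.urandom(32)
    alice_file = wrap_key(alice_key, "password")
    bob_file = wrap_key(bob_key, "password")
    return {
        "keys_differ": alice_key != bob_key,
        "alice_unwraps_own": unwrap_key(alice_file, "password") == alice_key,
        "bob_file_yields_alice_key": unwrap_key(bob_file, "password") == alice_key,
        "wrong_passphrase_rejected": unwrap_key(alice_file, "Password") is None,
    }

if __name__ == "__main__":
    print(demo())
```

The shared passphrase gives neither user the other's key; it only becomes the weak point once someone else holds a copy of the wrapped key file.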
