Security Basics mailing list archives

Re: Crypto Question


From: "Chris Berry" <compjma () hotmail com>
Date: Mon, 17 Nov 2003 14:46:54 -0800

From: Mitchell Rowton <mitchell () attackprevention com>
Maybe the same question from a different angle. If I make a private key with "password" as the password and you do the same... Our private keys still can't decrypt each other's messages. So while I'm confident that it is somehow bad to have simple passwords, I don't know why. Can anyone explain this better?

Simple, because if someone were to gain possession of or access to your private key, they could brute force the password rather quickly and then start impersonating you. The password is there to prevent someone from using your private key even if they have possession of it.

Chris Berry
compjma () hotmail com
Systems Administrator
JM Associates

"Ok, so the servers are down, the lights are out, and all I have to work with is a roll of duct tape, a ball point pen, a lighter, and a twenty year old copy of emacs. Where's the problem?"

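Added example, not part of the original post: a Python sketch of the point made in the reply, that the passphrase only protects the stored private key file and has no effect on the key material itself. The XOR-pad-plus-HMAC wrapping is a toy stand-in for what real key formats do, and the iteration count, the 100,000-entry word list size and the six-word Diceware-style passphrase (7776 words per list) are assumptions chosen for illustration.

```python
import hashlib, hmac, os, time

ITERATIONS = 100_000  # assumed KDF work factor; sets the cost of each guess

def _derive(passphrase: str, salt: bytes, n: int) -> bytes:
    # Stretch the passphrase into n bytes of pad plus a 32-byte MAC key.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS, n + 32)

def wrap_key(private_key: bytes, passphrase: str) -> dict:
    """Encrypt key material under a passphrase (toy scheme, not a real key format)."""
    salt = os.urandom(16)
    stream = _derive(passphrase, salt, len(private_key))
    pad, mac_key = stream[:-32], stream[-32:]
    ct = bytes(a ^ b for a, b in zip(private_key, pad))
    return {"salt": salt, "ct": ct, "tag": hmac.new(mac_key, ct, hashlib.sha256).digest()}

def unwrap_key(blob: dict, passphrase: str):
    """Return the key material, or None when the passphrase is wrong."""
    stream = _derive(passphrase, blob["salt"], len(blob["ct"]))
    pad, mac_key = stream[:-32], stream[-32:]
    expected = hmac.new(mac_key, blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(blob["ct"], pad))

def years_to_exhaust(candidates: int, seconds_per_guess: float) -> float:
    """Worst-case time for a holder of the key file to try every candidate."""
    return candidates * seconds_per_guess / (365.25 * 24 * 3600)

def demo() -> dict:
    # Constructed stand-ins for two users' private keys: random, so they differ
    # even though both files are protected with the same passphrase.
    alice_key, bob_key = os.urandom(32), os.urandom(32)
    alice_file = wrap_key(alice_key, "password")
    bob_file = wrap_key(bob_key, "password")
    start = time.perf_counter()
    wrong = unwrap_key(alice_file, "letmein")
    per_guess = time.perf_counter() - start  # measured on this machine only
    return {
        "keys_differ": alice_key != bob_key,
        "right_passphrase_unlocks": unwrap_key(alice_file, "password") == alice_key,
        "wrong_passphrase_rejected": wrong is None,
        "bob_file_yields_bob_key": unwrap_key(bob_file, "password") == bob_key,
        "years_common_word": years_to_exhaust(100_000, per_guess),
        "years_six_random_words": years_to_exhaust(7776 ** 6, per_guess),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The per-guess time is whatever this machine measures; dedicated hardware tests guesses far faster, so the absolute figures are optimistic and only the gap between the two estimates is meaningful.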



