Home page logo
/

basics logo Security Basics mailing list archives

RE: Crypto Question
From: Kenneth Buchanan <K.Buchanan () Kastenchase com>
Date: Fri, 7 Nov 2003 15:16:19 -0500


It's not universally true that larger keys provide more security.  For
instance, a 1024-bit RSA key is quite safe from brute force attacks from
pretty much anybody in the world.  If someone wants to defeat it then they
will focus on other avenues such as stealing your private key or accessing
the message after you decrypted it.  Once the key size is great enough to
make it infeasible for an attacker to break it, then making it any larger is
pointless.

A better answer to Lachlan's question, as I'm sure others will point out, is
that your passphrase strength matters if an attacker can get access to the
wrapped private key (I'm assuming that we're talking about a public-key
system here, like PGP).  But keep in mind that very very few people use
passphrases that are truly difficult to brute force, and indeed, most people
are not capable of remembering high-entropy passphrases without writing them
down.


-----Original Message-----
From: Ted Rolle [mailto:ted () php net]
Sent: Friday, November 07, 2003 12:36 PM
To: McGill, Lachlan
Cc: security-basics () securityfocus com
Subject: Re: Crypto Question


I reread your question: key size does matter because the bad guy has to
deal with a larger keyspace with the longer keys.

On Fri, 7 Nov 2003, McGill, Lachlan wrote:

Am I right in assuming that an encrypted file/email is only as secure as
the passphrase used for the private key? i.e. If i use the passphrase
'password' then does it become irrelevant what key size I use to encrypt the
data?

If someone can please briefly explain this to me I would be much
appreciative.

Thanks.



---------------------------------------------------------------------------
Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE
The Presidio integrates PGP data encryption and XML Web Services security to 
simplify the management and deployment of PGP and reduce overall PGP costs 
by up to 80%.
FREE WHITEPAPER & 30 Day Trial - 
http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027 
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]