Home page logo
/

basics logo Security Basics mailing list archives

Re: Crypto Question
From: Tomas Wolf <tomas () skip cz>
Date: Sun, 09 Nov 2003 23:05:35 -0700

It depends on what encryption algorythm is being talk about?

The term "Passphrase" is used in PGP... In this case it is not used to encrypt anything, it is to "protect" your PRIvate key. So if it is known - passphrase should keep the capturers from en/de-crypting using your private key. Therefore if the passphrase is "password" or "abc", than it is of no use anyway. Passphrase allows blanks so one can put there a whole sentece(s) (that is why it is a "passphrase" not a "password").

And when a key is needed to encrypt... I believe that it matters from several points of view: in some stream ciphers there is a great problem with repetition... If the key size is small, repetition comes... in block ciphers if the key is short, then it is easier to bruteforce it. So if I know the plaintext, have the ciphertext and know the algorythm that produced such output... One can run bruteforce on that and if the key is five LETTERS (from which are pseudorandom sequences computed), then one is looking at 26^5 differences.

I have heard a story (not sure if it is true) about DES. That when it was used with a shorter key (don't remember exact size), there was sort of a competition who will break it... And when there was a computing power to crack it in a week, the message was something like: "It is time to move to a bigger key".

Anyway... Hope taht explains at least some of it.

Tomas

McGill, Lachlan wrote:

Am I right in assuming that an encrypted file/email is only as secure as the passphrase used for the private key? i.e. If i use 
the passphrase 'password' then does it become irrelevant what key size I use to encrypt the data?

If someone can please briefly explain this to me I would be much appreciative.

Thanks.




---------------------------------------------------------------------------
Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE
The Presidio integrates PGP data encryption and XML Web Services security to simplify the management and deployment of PGP and reduce overall PGP costs by up to 80%. FREE WHITEPAPER & 30 Day Trial - http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027 ----------------------------------------------------------------------------






---------------------------------------------------------------------------
Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE
The Presidio integrates PGP data encryption and XML Web Services security to simplify the management and deployment of PGP and reduce overall PGP costs by up to 80%. FREE WHITEPAPER & 30 Day Trial - http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027 ----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]