mailing list archives
Re: Crypto Question
From: Florian Streck <streck () papafloh de>
Date: Mon, 17 Nov 2003 18:08:32 +0100
On Fri, Nov 14, 2003 at 07:51:04PM -0500, Mitchell Rowton wrote:
McGill, Lachlan wrote:
Am I right in assuming that an encrypted file/email is only as secure as
the passphrase used for the private key? i.e. If i use the passphrase
'password' then does it become irrelevant what key size I use to encrypt
If someone can please briefly explain this to me I would be much
Not quite. The Passphrase secures your private key so that the admin of
your system who might be able to get your private key is still unable to
use it. The problem with weak passwords in this scenario is that he
might try a brute force attack. If he can get the password he can decryt
your files/mails and sign as you.
Maybe the same question from a different angle. If I make a private key
with "password" as the password and you do the same... Our private keys
still cant decrypt each others messages. So while im confident that it
is somehow bad to have simple passwords, i dont know why. Can anyone
explain this better?
The primary cause of failure in electrical appliances is an expired
warranty. Often, you can get an appliance running again simply by changing
the warranty expiration date with a 15/64-inch felt-tipped marker.
-- Dave Barry, "The Taming of the Screw"
- Re: Crypto Question, (continued)