Home page logo
/

basics logo Security Basics mailing list archives

Re: Crypto Question
From: Florian Streck <streck () papafloh de>
Date: Mon, 17 Nov 2003 18:08:32 +0100

On Fri, Nov 14, 2003 at 07:51:04PM -0500, Mitchell Rowton wrote:
McGill, Lachlan wrote:

Am I right in assuming that an encrypted file/email is only as secure as 
the passphrase used for the private key? i.e. If i use the passphrase 
'password' then does it become irrelevant what key size I use to encrypt 
the data?

If someone can please briefly explain this to me I would be much 
appreciative.

Not quite. The Passphrase secures your private key so that the admin of
your system who might be able to get your private key is still unable to
use it. The problem with weak passwords in this scenario is that he
might try a brute force attack. If he can get the password he can decryt
your files/mails and sign as you.

Maybe the same question from a different angle.  If I make a private key 
with "password" as the password and you do the same...  Our private keys 
still cant decrypt each others messages.  So while im confident that it 
is somehow bad to have simple passwords, i dont know why.  Can anyone 
explain this better?

Florian Streck


-- 
The primary cause of failure in electrical appliances is an expired
warranty.  Often, you can get an appliance running again simply by changing
the warranty expiration date with a 15/64-inch felt-tipped marker.
                -- Dave Barry, "The Taming of the Screw"

Attachment: _bin
Description:


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]