What are the risks associated with partially know cipher keys
Werner Koch
wk at gnupg.org
Tue Sep 7 05:06:29 PDT 2004
On Tue, 7 Sep 2004 13:24:39 +0800, Padraig MacIain said:
> problem. However, does it offer a great risk for something like
> OpenPGP if the passphrase used to access the secretkey is partially
That depends on quality of the passphrase; it makes dictionary attacks
easier.
> compromised? And in turn if the passphrase is completely known yet the
> secret key is still secured (physically) does knowing this passphrase
> risk a complete compromise of the key pair?
No. The protection of the private key is is independent of the key.
They are in no way related. The key is based on a random string and
only the protection of this key is based on the passphrase. This
protection only helps against a lost (but protected) private key.
Salam-Shalom,
Werner
More information about the Testlist
mailing list