surrendering one's passphrase to authorities
David Shaw
dshaw at jabberwocky.com
Wed Mar 4 01:34:12 CET 2009
On Mar 3, 2009, at 6:04 PM, Atom Smasher wrote:
> On Tue, 3 Mar 2009, David Shaw wrote:
>
>>> This article caught my eye. One of the things that I gleaned from
>>> the article is that it's obvious that law enforcement (at this
>>> level) does not have the ability to brute-force crack PGP
>>> encrypted data. Instead, the courts are attempting to force the
>>> surrender of the passphrase.
>>
>> Well, maybe. It's also possible that law enforcement does have the
>> ability to get into the encrypted data (by some means - I doubt
>> brute force), but does not want the knowledge of that ability to be
>> made public.
> ===================
>
> i would think the FBI (presuming that they're involved) would be
> able to brute-force a pass-phrase in less than a year. they have the
> disk, so in all likelihood the weakest link in the chain is the pass-
> phrase (and that's assuming that there's no cache/tmp files that are
> not encrypted).
Good point. I was thinking about the session key, which is basically
brute forcing proof. The passphrase would indeed be an easier attack.
The lawyer discussion I posted (http://volokh.com/posts/chain_1197670606.shtml
) suggests that law enforcement did try to "guess" (his word) the
passphrase. Guessing could be anything from trying two or three
passphrases before giving up to running a list of common passphrases
against it. For all we know, they're still running the passphrase
guesser right now.
David
More information about the Gnupg-users
mailing list