private key protection

Kevin Kammer Lists.gnupg at mephisto.fastmail.net
Mon Jun 25 17:08:23 CEST 2012


On Tue, Oct 18, 2011 at 09:15:14AM -0400 Also sprach Mark H. Wood:
> On Tue, Oct 18, 2011 at 02:10:07PM +0200, Jerome Baum wrote:
> > >> I'm going to lean very far out the window and assume he meant the actual
> > >> private key, not the private key-ring/-file/...
> > > 
> > > I'm not sure I understand the distinction you're making there.
> > 
> > One is protected with a passphrase (i.e. it's encrypted), the other is
> > in the clear.
> > 
> > If I manage to steal your private keyring, then yes the very strong
> > passphrase should grind my attempts to steal your key to a halt.
> 
> Well, not quite.  Eventually you would get it.  

Eventually being...  the age of the Earth?  Provided one's private key
is protected by a suitably "good" passphrase, then the problem of
cracking the symmetric encryption used to protect the private key is
comparable to the problem of cracking an encrypted message's session
key. 

That is to say, if an attacker has the resources to break the
encryption used to protect a private key, in a practical span of time,
that implies that they can apply the same techniques to reading your
encrypted messages without the private key, which makes stealing it
less than essential.


