Weak encryption keys
Jacob Bachmeyer
jcb62281 at gmail.com
Mon Mar 22 23:32:14 CET 2021
jsmith9810 at gmx.com wrote:
>> [...]
>
> A private key protected by weak blowfish cipher is by no means more at risk
> compared to an unencrypted key, which GnuPG has no problem with.
>
The difference is that you *know* an unencrypted key is lying around at
risk of compromise, and you knowingly chose to take that risk when you
chose to store the key unencrypted.
> Also, from what I've read about blowfish weak keys (and I admit I didn't spend
> too much time on it), the attacks are unrealistic in that even though they
> reduce the complexity compared to brute forcing a 128-bit key, it's still
> near-impossible to retrieve the plain-text or the key itself within a reasonable
> amount of time. And I also recall reading that it requires large amounts of
> known plain-text and corresponding cipher-text data. In this case, it's a
> unique key that's only used to encrypt a few hundred bytes of data. So the risk
> of an attacker being able to just "crack" your private key based on the weakness
> of the cipher key seems to be quite an overstatement.
>
I am assuming that there is some more severe problem with OpenPGP
Blowfish key wrapping, since the situation you describe would not
warrant the measures GPG has taken. (In other words, I am assuming that
the GPG developers know something here that we do not, and I believe
that to be a reasonable assumption.)
> Besides, shouldn't the assessment of the security of the key be better left to
> the user? It would be totally reasonable to warn the user about the potential
> risks and even make a recommendation to revoke this key. But not allowing them
> to decrypt something that was previously encrypted with this key doesn't seem
> justifiable even if the risks were as high as you stated.
>
You are correct that the situation you describe does not reasonably
support completely rejecting the key. That is the reason I expect that
there is a problem serious enough that the key should be considered
compromised.
-- Jacob