Weak encryption keys

Vincent Pelletier plr.vincent at gmail.com
Tue Mar 23 23:53:37 CET 2021


On Mon, 22 Mar 2021 17:32:14 -0500, Jacob Bachmeyer via Gnupg-users <gnupg-users at gnupg.org> wrote:
> The difference is that you *know* an unencrypted key is lying around at 
> risk of compromise, and you knowingly chose to take that risk when you 
> chose to store the key unencrypted.

Pardon my non-gpg-familiarity, but isn't a "weak key" completely
different from a (maybe) divulged key?

AFAIK a weak key is a key that, when used, produces a result which is
easier to break than what the cipher promises. In other words, this
would be something specific to this very key, to the value of its
components being poorly chosen, and in no way related to how it was
stored/obfuscated itself.

IOW, isn't this specific key one of the identified Blowfish weak key
classes?
  https://en.wikipedia.org/wiki/Blowfish_(cipher)#Weakness_and_successors
Also:
  https://en.wikipedia.org/wiki/Weak_key

Meaning not only this key, but anything it signed and/or was encrypted
for (I did not check which one is affected), may be considered
compromised?
-- 
Vincent Pelletier
GPG fingerprint 983A E8B7 3B91 1598 7A92 3845 CAC9 3691 4257 B0C1
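
As an added example (not part of the message above and not GnuPG code): the key-dependent sense of "weak key" described in the message can be checked for Blowfish by running the key schedule and counting repeated entries inside each S-box, the weak-key class identified by Vaudenay (1996). That criterion comes from the published analysis rather than from this thread; the function names are illustrative and the demo key is constructed.

```python
# Added example: pure-Python Blowfish key schedule plus an S-box collision check.
M = 0xFFFFFFFF

def pi_words(n):
    """First n 32-bit words of the fractional part of pi (Blowfish's initial tables)."""
    bits = 32 * n
    one = 1 << (bits + 64)                      # fixed point with 64 guard bits
    def atan_inv(x):                            # arctan(1/x) by its Taylor series
        total, term, k = 0, one // x, 0
        while term:
            total += term // (2 * k + 1) * (-1 if k % 2 else 1)
            term //= x * x
            k += 1
        return total
    frac = (16 * atan_inv(5) - 4 * atan_inv(239) - 3 * one) >> 64  # Machin's formula
    return [(frac >> (bits - 32 * (i + 1))) & M for i in range(n)]

def encrypt_block(P, S, l, r):
    for i in range(16):
        l ^= P[i]
        f = ((S[0][l >> 24] + S[1][(l >> 16) & 255]) & M) ^ S[2][(l >> 8) & 255]
        r ^= (f + S[3][l & 255]) & M
        l, r = r, l
    return r ^ P[17], l ^ P[16]                 # undo the last swap, apply final subkeys

def key_schedule(key):
    w = pi_words(18 + 4 * 256)
    # XOR the key, cycled byte by byte, into the 18 P-array words.
    P = [w[i] ^ int.from_bytes(bytes(key[(4 * i + j) % len(key)] for j in range(4)), "big")
         for i in range(18)]
    S = [w[18 + 256 * b: 274 + 256 * b] for b in range(4)]
    l = r = 0
    for table in [P] + S:                       # replace P, then each S-box, in place
        for i in range(0, len(table), 2):
            l, r = encrypt_block(P, S, l, r)
            table[i], table[i + 1] = l, r
    return P, S

def encrypt(key, block):
    P, S = key_schedule(key)
    l, r = encrypt_block(P, S, int.from_bytes(block[:4], "big"), int.from_bytes(block[4:8], "big"))
    return l.to_bytes(4, "big") + r.to_bytes(4, "big")

def sbox_collisions(key):
    """Per S-box count of repeated 32-bit entries; any non-zero count marks a weak key."""
    return [256 - len(set(box)) for box in key_schedule(key)[1]]

if __name__ == "__main__":
    key = bytes.fromhex("00112233445566778899aabbccddeeff")   # constructed sample key
    print("ciphertext of zero block:", encrypt(key, bytes(8)).hex())
    print("repeated entries per S-box:", sbox_collisions(key))
```

The result depends only on the key's value, which is the distinction the message draws: how the key file was stored or protected does not enter into the check.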
