17 Oct 2002 06:48
I am wondering if people would comment on a security configuration where a PGP public key and private key are both well known, but the private key is protected with a very strong passphrase. Let's assume that in this case, that is the only security I can guarantee. How safe would messages encrypted with the public key be?
The maximum strength is determined by the passphrase. Weaknesses in the private key file format or other things could well lower the strength of the private key's secrecy. For a provocative question, define "a very strong passphrase". Why is the secret key in the hands of someone who mustn't have it? Is this party the root user?
Tobias
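To put a number on "very strong" when the key file itself is public, the sketch below is an added example, not part of the original posts. It assumes the private key is protected with OpenPGP's iterated and salted S2K (count decoding per RFC 4880, section 3.7.1.3), that the passphrase was generated uniformly at random, and that per-guess cost is counted in 64-byte hash blocks; the function names and sample values are constructed for illustration.

```python
import math

def s2k_octet_count(coded: int) -> int:
    """Decode the one-octet coded count of an iterated+salted S2K
    (RFC 4880, 3.7.1.3): number of octets fed to the hash per guess."""
    if not 0 <= coded <= 255:
        raise ValueError("coded count must fit in one octet")
    return (16 + (coded & 15)) << ((coded >> 4) + 6)

def random_passphrase_bits(symbols: int, alphabet_size: int) -> float:
    """Entropy of a passphrase whose symbols are drawn uniformly at random.
    Human-chosen passphrases have less entropy than this formula gives."""
    if symbols < 0 or alphabet_size < 2:
        raise ValueError("need symbols >= 0 and alphabet_size >= 2")
    return symbols * math.log2(alphabet_size)

def stretch_bits(coded: int, hash_block: int = 64) -> float:
    """Extra work per guess added by S2K stretching, in bits.
    Assumption: cost is modelled as hash blocks processed (64-byte block)."""
    blocks = max(1, s2k_octet_count(coded) // hash_block)
    return math.log2(blocks)

def effective_bits(passphrase_bits: float, coded: int, key_bits: int) -> float:
    """Upper bound on private-key secrecy once the key file is public:
    the weaker of the key itself and the stretched passphrase.
    Flaws in the key file format can only push the real figure lower."""
    return min(key_bits, passphrase_bits + stretch_bits(coded))

if __name__ == "__main__":
    KEY_BITS = 112      # constructed: symmetric-equivalent strength of the key pair
    CODED_COUNT = 96    # constructed: decodes to 65536 octets hashed per guess
    samples = {         # constructed sample passphrase policies
        "8 random lowercase letters": random_passphrase_bits(8, 26),
        "6 random Diceware words": random_passphrase_bits(6, 7776),
        "20 random printable ASCII": random_passphrase_bits(20, 94),
    }
    for label, bits in samples.items():
        total = effective_bits(bits, CODED_COUNT, KEY_BITS)
        print(f"{label}: {bits:.1f} bits raw, {total:.1f} bits effective")
```

The result is a ceiling only: it says how long the passphrase must be before the key pair, rather than the passphrase, becomes the limiting factor.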