For my purpose, I have to assume that someone can hack into the machine storing the encrypted data, and also break into the machine storing the passphrase-protected private key, because they are different users on my one and only machine. Only my passphrase is off-site. So let's assume the passphrase is 30 random digits.

Dale.

-----Original Message-----
From: Reckhard, Tobias [mailto:tobias.reckhard@secunet.com]
Sent: Wednesday, October 16, 2002 11:49 PM
To: suse-security@suse.com
Subject: RE: [suse-security] public key encryption

I am wondering if people would comment on a security configuration where a PGP public key and private key are both well known, but the private key is protected with a very strong passphrase. Let's assume that in this case, that is the only security I can guarantee. How safe would messages encrypted with the public key be?

The maximum strength is determined by the passphrase. Weaknesses in the private key file format or other things could well lower the strength of the private key's secrecy. For a provocative question, define "a very strong passphrase". Why is the secret key in the hands of someone who mustn't have it? Is this party the root user?

Tobias