
Re: server security :: user accounts, ssh, passphrases, etc.



> On Wed, Apr 09, 2008 at 08:49:29AM +1200, Chris Bannister wrote:
>> On Sun, Apr 06, 2008 at 10:46:25AM -0500, Dave Sherohman wrote:
>> > My (admittedly limited) understanding of public key crypto is that the
>> > public and private key are connected by the relationship of two extremely
>> > large prime numbers.  It is mathematically possible, then, to identify
>> > those numbers by factoring the numeric value of the public key and then
>> > use them to deduce the value of the private key.
>>
>> Google "John the Ripper."
>
> Apples and oranges.  While John the Ripper would be capable of cracking
> the passphrase of a private key, I have been able to find nothing which
> says that, given a public key, it is able to deduce the corresponding
> private key.  On the contrary, those documents I've found which discuss
> both John the Ripper and public key crypto generally are written to
> contrast the weakness of encrypted passwords (what JtR is designed to
> attack) against the strength of public key systems.

The equations that relate the public and private keys, in addition to some
results from number theory, are based on the currently held belief that
the only way to factor the product of two large prime numbers is trial and
error.  As such it is possible, with time, to obtain the private key,
given the public key.  Hence, as typical with encryption, the larger the
prime numbers, the more tries.  If and when someone comes up with an
algorithm to more rapidly deduce the prime factors, public key encryption
(at least the RSA version) is kaput.
Larry
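An added example, not part of the original thread: a toy RSA key recovered from its public half by trial-division factoring, with a count of the tries needed as the primes grow. The prime pairs, the exponent 65537, the message value 42 and all function names are constructed for this illustration.

```python
# Added illustration with constructed toy keys; not code from the thread.
from math import isqrt

E = 65537  # common public exponent, assumed for every toy key below

# Constructed prime pairs (p, q); the public modulus is n = p * q.
TOY_PRIMES = [(1009, 1013), (10007, 10009), (100003, 100019), (1000003, 1000033)]


def factor_by_trial_division(n):
    """Return (p, q, tries) for n = p * q with odd primes p <= q."""
    tries = 0
    for cand in range(3, isqrt(n) + 1, 2):
        tries += 1
        if n % cand == 0:
            return cand, n // cand, tries
    raise ValueError("n is not a product of two odd primes")


def recover_private_exponent(n, e):
    """Derive d from the public key (n, e) alone; also report tries used."""
    p, q, tries = factor_by_trial_division(n)
    phi = (p - 1) * (q - 1)
    return pow(e, -1, phi), tries  # modular inverse (Python 3.8+)


def demo():
    """Return one row (bits in n, tries, round-trip ok) per toy key."""
    rows = []
    for p, q in TOY_PRIMES:
        n = p * q
        ciphertext = pow(42, E, n)          # encrypt with the public key
        d, tries = recover_private_exponent(n, E)
        rows.append((n.bit_length(), tries, pow(ciphertext, d, n) == 42))
    return rows


if __name__ == "__main__":
    for bits, tries, ok in demo():
        print(f"{bits:3d}-bit modulus: {tries:7d} trial divisions, decrypts: {ok}")
```

Each extra decimal digit in the primes multiplies the number of tries by ten, so with this method the work grows with the square root of the modulus.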


