
Re: OT: How easy is it to break GnuPG if you have the Private Key?



On Sun, Jun 13, 2004 at 07:23:49AM -0700, William Ballard wrote:
> Assuming I have a good sized key with a really, really good passphrase,
> how easy will it be to crack GnuPG encryption if the cracker has access 
> to the Private Key?
> 
> [Believe it or not, I have a port of GnuPG that runs as a command line 
> app on a PocketPC.  Right now I can't think of a convenient way to keep 
> the Private key off the device, it can't use a USB keychain.]

I don't really know how much easier it will be, but I do know that
it'll be much easier than NOT having your private key.

Two alternatives are to have a separate key at home, and every time
you encrypt something TO your PocketPC key, also encrypt it to your
other private key. Then as soon as you've read it on your PocketPC,
delete it and store a copy at home. Any time you encrypt something
FROM your PocketPC, don't encrypt it to the local key. Only to the
receiving key and possibly your home key. That'll give you MORE
protection than just using everything normally, but much as with GnuPG
itself, nothing will ever give you FULL protection.

The other option is to use just about ANY type of removable
storage. Can you use any sort of memory cards/sticks with the device?
Anything that will allow you to keep the key separate from the device
is a good thing. If you have internet access on the device and you can
establish some sort of a good secure connection between the device and
a server (somehow I doubt the PocketPC supports VPN), then you can
just download the private key when you need it and delete it right
after that.

With all of the above said, keep in mind that encryption is not about
making your data impossible to read. It's about making it DIFFICULT
enough that no one will put in the required amount of time and
resources to break it. The opposite is also true, however. If you make
it too difficult for YOURSELF to use the encryption, you'll stop using
it in which case it's the same as someone having cracked your private
key.

-- 
Alex Malinovich
Support Free Software, delete your Windows partition TODAY!
Encrypted mail preferred. You can get my public key from any of the
pgp.net keyservers. Key ID: A6D24837
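
The two-key scheme suggested in the message above, as an added example (not part of the original post): it builds two throwaway keyrings and checks which one can decrypt mail sent to the handheld and mail sent from it. It assumes GnuPG 2.1 or later; the `device@example.invalid` and `home@example.invalid` keys, their empty passphrases and the function names are constructed for the demo.

```shell
# Added example. Keys are constructed throwaways with EMPTY passphrases in
# temporary keyrings; the *.invalid addresses are placeholders.

# g KEYRING ARGS...: run gpg non-interactively against one keyring.
g() {
    kr=$1; shift
    gpg --homedir "$kr" --batch --quiet --no-tty --pinentry-mode loopback \
        --passphrase '' --trust-model always "$@"
}

# Two keyrings: DEV is the handheld, SAFE is the machine at home.
# Each side gets only the PUBLIC key of the other.
setup() {
    DEV=$(mktemp -d) && SAFE=$(mktemp -d) || return 1
    g "$DEV"  --quick-generate-key device@example.invalid default default never
    g "$SAFE" --quick-generate-key home@example.invalid default default never
    g "$SAFE" --export home@example.invalid   | g "$DEV"  --import
    g "$DEV"  --export device@example.invalid | g "$SAFE" --import
}

# Mail sent TO the handheld: encrypted to the device key and the home key.
incoming() {
    echo "to the handheld" | g "$SAFE" --armor --encrypt \
        -r device@example.invalid -r home@example.invalid
}

# Mail written ON the handheld: never encrypted to the local key. A real
# message would add the receiving key with another -r.
outgoing() {
    echo "from the handheld" | g "$DEV" --armor --encrypt --no-encrypt-to \
        -r home@example.invalid
}

# yn KEYRING FILE: "yes" if that keyring's secret keys can decrypt FILE.
yn() { if g "$1" --decrypt "$2" >/dev/null 2>&1; then echo yes; else echo no; fi; }

# Build both messages and report which keyring can read which.
matrix() {
    setup >/dev/null 2>&1 || return 1
    incoming > "$DEV/in.asc" 2>/dev/null
    outgoing > "$DEV/out.asc" 2>/dev/null
    echo "in:dev=$(yn "$DEV" "$DEV/in.asc") in:home=$(yn "$SAFE" "$DEV/in.asc")" \
         "out:dev=$(yn "$DEV" "$DEV/out.asc") out:home=$(yn "$SAFE" "$DEV/out.asc")"
    for kr in "$DEV" "$SAFE"; do gpgconf --homedir "$kr" --kill gpg-agent 2>/dev/null; done
    rm -rf "$DEV" "$SAFE"
}

RESULT=$(matrix)
printf '%s\n' "$RESULT"
```

The `out:dev=no` result is the property the scheme buys: the handheld's private key, even with its passphrase, does not open messages that were sent from the handheld.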


