On Tue, Jun 10, 2008 at 11:30:40AM +0200, Jochen Schulz wrote:
Nathaniel Homier:
Sudev Barar wrote:
Yes, but if you are carrying private key in your pen drive and you
loose it or some one copies it your total security is compromised
howsoever strong encryption algorithm was used to generate the key
pair.
I was under the impression that the pass phrase encrypted the file and
that to make use of the private key I would have to supply my pass
phrase, so I thought the private key was useless without the pass
phrase.
Correct.
The 4096 bit just means that it would be pretty much impossible
with todays tech to brute force the pass phrase,
No, 4096 bit is the length of the key. Such a key is resistant to brute
force ("guessing it"). If someone has your key (encrypted with your
passphrase), the target of a brute force attack is obviously your
passphrase because it would reveal your key unencrypted.
Actually, the private/public algorithms we normally use (RSA and DSA)
are not as robust to brute-force methods as the symmetric encryption
methods (e.g. AES).
Therefore an RSA key of 512 bits is something that is not considered
safe by any standards, whereas an AES key of 128 bits will probably
withstand brute-force search for quite some time (256 bits keys is
normally recopmmended "to be on the safe side").