Cringely Gives KnowNow Some Unbelievable Free Press... (fwd)
Enzo Michelangeli
em at who.net
Tue Jan 29 10:59:41 EST 2002
From: "Ben Laurie" <ben at algroup.co.uk>
> BTW, I don't see why using a passphrase to a key makes you vulnerable to
> a dictionary attack (like, you really are going to have a dictionary of
> all possible 1024 bit keys crossed with all the possible passphrases?
> Sure!).
At least in OpenPGP, the correctness of the passphrase can be checked just
by verifying a CRC, without any PK operation. Quoting RFC2440:

    5.5.3. Secret Key Packet Formats

    [...]

    The 16-bit checksum that follows the algorithm-specific portion is
    the algebraic sum, mod 65536, of the plaintext of all the
    algorithm-specific octets (including MPI prefix and data). With V3
    keys, the checksum is stored in the clear. With V4 keys, the
    checksum is encrypted like the algorithm-specific data. This value
    is used to check that the passphrase was correct.

(OK, that weakness can't be ascribed to RSA, but it's there.)
Enzo
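
The check described in the RFC 2440 text quoted above, as an added example that is not part of the original post or of any OpenPGP implementation: it builds the plaintext algorithm-specific octets with their trailing checksum and shows that the correctness test is only byte additions and one comparison. The function names and the sample MPI values are assumptions made up for illustration, and the symmetric decryption step is not modelled.

```python
import struct

def mpi_encode(n: int) -> bytes:
    """OpenPGP MPI: 16-bit big-endian bit count, then the big-endian magnitude."""
    bits = n.bit_length()
    return struct.pack(">H", bits) + n.to_bytes((bits + 7) // 8, "big")

def checksum16(octets: bytes) -> int:
    """Algebraic sum of the octets, mod 65536 (the checksum of section 5.5.3)."""
    return sum(octets) % 65536

def build_secret_portion(mpis) -> bytes:
    """Plaintext algorithm-specific octets followed by their 16-bit checksum."""
    body = b"".join(mpi_encode(n) for n in mpis)
    return body + struct.pack(">H", checksum16(body))

def passphrase_check(decrypted: bytes) -> bool:
    """The whole correctness test: additions and one compare, no PK operation."""
    if len(decrypted) < 2:
        return False
    body, stored = decrypted[:-2], struct.unpack(">H", decrypted[-2:])[0]
    return checksum16(body) == stored

def flip_byte(data: bytes, i: int) -> bytes:
    """Invert one octet, so the sum always changes by an odd, nonzero amount."""
    return data[:i] + bytes([data[i] ^ 0xFF]) + data[i + 1:]

def swap_bytes(data: bytes, i: int, j: int) -> bytes:
    """Exchange two octets; an additive sum cannot see the difference."""
    out = bytearray(data)
    out[i], out[j] = out[j], out[i]
    return bytes(out)

# Constructed sample values standing in for RSA secret MPIs (d, p, q, u); not a real key.
SAMPLE_MPIS = [0x1A2B3C4D5E6F, 0xC0FFEE, 0xBEEF01, 0x1234]
GOOD = build_secret_portion(SAMPLE_MPIS)   # what a correct decryption yields
DAMAGED = flip_byte(GOOD, 3)               # one octet wrong: rejected
REORDERED = swap_bytes(GOOD, 2, 3)         # same octets, other order: still accepted

if __name__ == "__main__":
    for name, blob in (("good", GOOD), ("damaged", DAMAGED), ("reordered", REORDERED)):
        print(name, passphrase_check(blob))
```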