[10325] in cryptography@c2.net mail archive
Re: Cringely Gives KnowNow Some Unbelievable Free Press... (fwd)
daemon@ATHENA.MIT.EDU (Enzo Michelangeli)
Tue Jan 29 18:25:05 2002
Message-ID: <003201c1a8dd$f7f74220$0200000a@noip.com>
Reply-To: "Enzo Michelangeli" <em@em.no-ip.com>
From: "Enzo Michelangeli" <em@who.net>
To: "Ben Laurie" <ben@algroup.co.uk>
Cc: "Cryptography List" <cryptography@wasabisystems.com>
Date: Tue, 29 Jan 2002 23:59:41 +0800
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
From: "Ben Laurie" <ben@algroup.co.uk>
> BTW, I don't see why using a passphrase to a key makes you vulnerable to
> a dictionary attack (like, you really are going to have a dictionary of
> all possible 1024 bit keys crossed with all the possible passphrases?
> Sure!).
At least in OpenPGP, the correctness of the passphrase can be checked just
by verifying a CRC, without any PK operation. Quoting RFC2440:
5.5.3. Secret Key Packet Formats
[...]
The 16-bit checksum that follows the algorithm-specific portion is
the algebraic sum, mod 65536, of the plaintext of all the algorithm-
specific octets (including MPI prefix and data). With V3 keys, the
checksum is stored in the clear. With V4 keys, the checksum is
encrypted like the algorithm-specific data. This value is used to
check that the passphrase was correct.
(OK, that weakness can't be ascribed to RSA, but it's there.)
Enzo
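The check Enzo quotes can be modelled in a few lines. The following Python is an added example, not code from the original message, from RFC 2440 or from any OpenPGP implementation: it builds a V4-style encrypted secret-key blob (MPIs followed by the 16-bit sum-mod-65536 checksum, all encrypted under a passphrase-derived key) and then shows that a candidate passphrase can be accepted or rejected by recomputing that checksum alone. The key derivation (plain SHA-1 in place of the salted, iterated S2K) and the cipher (a SHA-1 counter keystream in place of CFB-mode CAST5/IDEA/etc.) are simplifying stand-ins, and the secret MPIs and wordlist are constructed; none of those choices affect the point, which is that no public-key operation appears anywhere in the guess loop.

```python
import hashlib
from typing import List, Optional

# Stand-in for the RFC 2440 5.5.3 secret-key packet layout: the
# algorithm-specific portion (MPI length prefix + MPI data for each secret
# value) is followed by a 16-bit checksum, the algebraic sum mod 65536 of
# those plaintext octets.  In a V4 key both are encrypted under the
# passphrase-derived key; that is what is modelled here.


def mpi(n: int) -> bytes:
    """Encode n as an OpenPGP MPI: 2-byte big-endian bit count, then the magnitude."""
    magnitude = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    return n.bit_length().to_bytes(2, "big") + magnitude


def checksum16(octets: bytes) -> int:
    """The RFC 2440 checksum: plain sum of the octets, reduced mod 65536."""
    return sum(octets) & 0xFFFF


def derive_key(passphrase: str) -> bytes:
    # Assumption: a single SHA-1 stands in for the real S2K (RFC 2440 3.6.1.3
    # adds a salt and iterations, which slow each guess but change nothing else).
    return hashlib.sha1(passphrase.encode("utf-8")).digest()


def keystream(key: bytes, n: int) -> bytes:
    # Assumption: a SHA-1 counter keystream stands in for the CFB-mode block
    # cipher of the real format; any deterministic cipher gives the same check.
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha1(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:n])


def encrypt_secret_material(passphrase: str, secret_mpis: List[int]) -> bytes:
    """Serialize the secret MPIs, append their checksum, encrypt the whole thing."""
    plaintext = b"".join(mpi(m) for m in secret_mpis)
    plaintext += checksum16(plaintext).to_bytes(2, "big")
    ks = keystream(derive_key(passphrase), len(plaintext))
    return bytes(a ^ b for a, b in zip(plaintext, ks))


def passphrase_checks_out(passphrase: str, ciphertext: bytes) -> bool:
    """The test an implementation runs on unlock: decrypt, recompute the
    checksum over the algorithm-specific octets, compare with the stored one.
    It needs only a hash and a symmetric decryption, so an attacker can run
    it offline for every word in a list.  A wrong passphrase slips through
    with probability about 1/65536, so a hit would still be confirmed (for
    example by checking the RSA key relations), but that happens once, not
    once per guess."""
    ks = keystream(derive_key(passphrase), len(ciphertext))
    plaintext = bytes(a ^ b for a, b in zip(ciphertext, ks))
    body, stored = plaintext[:-2], int.from_bytes(plaintext[-2:], "big")
    return checksum16(body) == stored


def dictionary_attack(ciphertext: bytes, wordlist: List[str]) -> Optional[str]:
    """Return the first candidate passphrase that passes the checksum test."""
    for guess in wordlist:
        if passphrase_checks_out(guess, ciphertext):
            return guess
    return None


if __name__ == "__main__":
    # Constructed toy secret material (RSA d, p, q, u would be far larger).
    blob = encrypt_secret_material("hunter2", [0x1234, 0xABCD, 0x5F, 3])
    print(dictionary_attack(blob, ["letmein", "password", "correct horse", "hunter2"]))
```

Each guess costs one S2K evaluation and one short symmetric decryption, regardless of the public-key algorithm or key size; the 1024-bit modulus Ben mentions never enters the loop, which is why the key length does nothing against a weak passphrase here.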
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com