From: "Ben Laurie" <[EMAIL PROTECTED]>

> BTW, I don't see why using a passphrase to a key makes you vulnerable to
> a dictionary attack (like, you really are going to have a dictionary of
> all possible 1024 bit keys crossed with all the possible passphrases?
> Sure!).

At least in OpenPGP, the correctness of the passphrase can be checked just
by verifying a CRC, without any PK operation. Quoting RFC2440:

   5.5.3. Secret Key Packet Formats
   [...]
   The 16-bit checksum that follows the algorithm-specific portion is
   the algebraic sum, mod 65536, of the plaintext of all the
   algorithm-specific octets (including MPI prefix and data). With V3
   keys, the checksum is stored in the clear. With V4 keys, the
   checksum is encrypted like the algorithm-specific data. This value
   is used to check that the passphrase was correct.

(OK, that weakness can't be ascribed to RSA, but it's there.)

Enzo

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
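
Added example, not part of the original message and not taken from any OpenPGP implementation: the checksum test from the RFC 2440 passage quoted above, written out in Python to show that it needs only byte parsing and an addition. The integers are constructed toy values and the function names are this example's own.

```python
import struct

def encode_mpi(n: int) -> bytes:
    """OpenPGP MPI: 2-byte big-endian bit count, then the magnitude octets."""
    bits = n.bit_length()
    return struct.pack(">H", bits) + n.to_bytes((bits + 7) // 8, "big")

def checksum16(octets: bytes) -> int:
    """Algebraic sum of the octets, mod 65536 (RFC 2440, section 5.5.3)."""
    return sum(octets) % 65536

def build_secret_material(values) -> bytes:
    """Plaintext algorithm-specific portion followed by its 16-bit checksum."""
    body = b"".join(encode_mpi(v) for v in values)
    return body + struct.pack(">H", checksum16(body))

def check_secret_material(plaintext: bytes, mpi_count: int) -> bool:
    """Walk mpi_count MPIs, then compare the trailing checksum.

    Returns False for a malformed layout or a checksum mismatch, which is
    what decryption with a key derived from a wrong passphrase normally yields.
    """
    pos = 0
    for _ in range(mpi_count):
        if pos + 2 > len(plaintext):
            return False
        (bits,) = struct.unpack_from(">H", plaintext, pos)
        length = (bits + 7) // 8
        if pos + 2 + length > len(plaintext):
            return False
        pos += 2 + length
    if len(plaintext) != pos + 2:
        return False
    (stored,) = struct.unpack_from(">H", plaintext, pos)
    return stored == checksum16(plaintext[:pos])

# Constructed sample: toy integers standing in for the four RSA secret MPIs.
SAMPLE = build_secret_material([2753, 61, 53, 20])

if __name__ == "__main__":
    damaged = SAMPLE[:3] + bytes([SAMPLE[3] ^ 0x01]) + SAMPLE[4:]
    print("intact plaintext :", check_secret_material(SAMPLE, 4))
    print("damaged plaintext:", check_secret_material(damaged, 4))
```

Because the test costs no public-key operation, the passphrase itself is what has to carry the entropy when a secret key file is protected this way.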