Thank you for your answers Werner. I was fairly certain myself about the first question you answered. Its a 'well its obvious' kind of question.
I wasn't sure about the second one, and I am too snowed under at work dealing with radius and voip stuff for me to read through the various *PGP source codes around to look at it from a logical point of view. Many thanks. On Tue, 07 Sep 2004 14:06:29 +0200, Werner Koch <[EMAIL PROTECTED]> wrote: > On Tue, 7 Sep 2004 13:24:39 +0800, Padraig MacIain said: > > > problem. However, does it offer a great risk for something like > > OpenPGP if the passphrase used to access the secretkey is partially > > That depends on quality of the passphrase; it makes dictionary attacks > easier. > > > compromised? And in turn if the passphrase is completely known yet the > > secret key is still secured (physically) does knowing this passphrase > > risk a complete compromise of the key pair? > > No. The protection of the private key is is independent of the key. > They are in no way related. The key is based on a random string and > only the protection of this key is based on the passphrase. This > protection only helps against a lost (but protected) private key. > > Salam-Shalom, > > Werner > > -- Padraig MacIain url: http://www.bur.st/~darke/ (Nimheil) "That is not dead which can eternal lie, and with strange aeons even death may die."
