On Wed, Aug 09, 2000 at 11:05:02AM -0400, Derek Atkins wrote:
>
> Um, it has been the case in the past that the secret keyring was
> encrypted using IDEA and the user's passphrase. I doubt that this
> has changed recently.
The cluelesness is in the second sentence, not the first.
It's 1) saying that the passphrase can "usually be broken". I'm sure
that some people manage to choose poor/short passphrases, but "usually"
would be pushing it. 2) that "cracker, Satan or cops" are passphrase
crackers. Cops and Satan have simple UNIX passWORD crackers, and crack
(not "cracker") was for a long time the best UNIX password cracker, but none
of them are without modification useable for cracking PGP passphrases.
> Ian BROWN <[EMAIL PROTECTED]> writes:
>
> > I'm not sure how much confidence one of the paper's footnotes gives me:
> >
> > >26. The secret key ring in PGP is usually encrypted with a much simpler
> > >crypto-system. Also the key ring is subject to a pass phrase but this can
> > >usually be broken using one of the hacker programs available on the Internet
> > >such as cracker, Satan, or cops.
> >
--
Eric Murray http://www.lne.com/ericm ericm at lne.com PGP keyid:E03F65E5
Security consulting: secure protocols, security reviews, standards, smartcards.
