[7645] in cryptography@c2.net mail archive


Re: Non-Repudiation in the Digital Environment (was Re: First Monday August 2000)

daemon@ATHENA.MIT.EDU (Eric Murray)
Wed Aug 9 13:24:08 2000

Date: Wed, 9 Aug 2000 08:29:15 -0700
From: Eric Murray <ericm@lne.com>
To: Derek Atkins <warlord@mit.edu>
Cc: Ian BROWN <I.Brown@cs.ucl.ac.uk>, "R. A. Hettinga" <rah@shipwright.com>,
        Digital Bearer Settlement List <dbs@philodox.com>, dcsb@ai.mit.edu,
        cryptography@c2.net, cypherpunks@cyberpass.net
Message-ID: <20000809082915.A21426@slack.lne.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <sjmu2cu4grl.fsf@rcn.ihtfp.org>; from warlord@MIT.EDU on Wed, Aug 09, 2000 at 11:05:02AM -0400

On Wed, Aug 09, 2000 at 11:05:02AM -0400, Derek Atkins wrote:
> 
> Um, it has been the case in the past that the secret keyring was
> encrypted using IDEA and the user's passphrase.  I doubt that this
> has changed recently.

The cluelessness is in the second sentence, not the first.
It's 1) saying that the passphrase can "usually be broken".  I'm sure
that some people manage to choose poor/short passphrases, but "usually"
would be pushing it.  2) that "cracker, Satan or cops" are passphrase
crackers.  Cops and Satan have simple UNIX passWORD crackers, and crack
(not "cracker") was for a long time the best UNIX password cracker, but none
of them are without modification useable for cracking PGP passphrases.


> Ian BROWN <I.Brown@cs.ucl.ac.uk> writes:
> 
> > I'm not sure how much confidence one of the paper's footnotes gives me:
> > 
> > >26. The secret key ring in PGP is usually encrypted with a much simpler
> > >crypto-system. Also the key ring is subject to a pass phrase but this can
> > >usually be broken using one of the hacker programs available on the Internet
> > >such as cracker, Satan, or cops.
> > 

-- 
  Eric Murray http://www.lne.com/ericm  ericm at lne.com  PGP keyid:E03F65E5
Security consulting: secure protocols, security reviews, standards, smartcards. 

