Prev: Pi Computation Record
Next: Simple ways to throw off frequency analysis?
From: L W on 6 Jan 2010 17:15
I have a message which is encrypted with 2 PGP keys. I know one of the
keys so I can decrypt it and get the cleartext. How difficult is it to
find the second PGP key?

Thanks,
Bluray Expert
From: unruh on 6 Jan 2010 19:42
On 2010-01-06, L W <bluray.expert(a)gmail.com> wrote:
> I have a message which is encrypted with 2 PGP keys. I know one of the
> keys so I can decrypt it and get the cleartext. How difficult is it to
> find the second PGP key?

AFAIK -- very difficult, since otherwise you could always entrypt
a message with the two keys ( remember PGP uses public key crypto, so
anyone can encrypt), and then figure out what the second key is.
PGP works by encrypting the message with a symmetric key system, and
then encrypting that key with the public key system.

>
> Thanks,
> Bluray Expert
From: Joseph Ashwood on 7 Jan 2010 00:55
"L W" <bluray.expert(a)gmail.com> wrote in message
news:92dec1b8-1995-4434-8aa2-be6b85f18816(a)j5g2000yqm.googlegroups.com...
> I have a message which is encrypted with 2 PGP keys. I know one of the
> keys so I can decrypt it and get the cleartext. How difficult is it to
> find the second PGP key?

It depends on what you mean by finding the second PGP key. PGP includes a
key identifier, so if you want to find the second public key that is simple,
and obvious.

Finding the second private key is as close as reasonable to impossible. The
difficulty comes from the public key algorithm. Public Key Cryptography is
built on a difficult problem, for this purpose I'll assume its an RSA key, I
chose this because the Diffie-Hellman keys are actually more difficult, so
the attacker is in the best possible situation with RSA*. The strength of
RSA is based on the length of the modulus, default for PGP is 1024 bits,
this is the length of the modulus. In order to break RSA, the attack
requires factoring the modulus. The largest ever publicly performed was less
than 700 bits, and this required far more computation ability than you have,
so you've got quite the hill to climb for the default.

There is a lot of debate about what the "real" complexity is for larger
numbers, with some viewing that 1024 bits should be considered weak, others
believe that 1024 bits is secure. Either way no one has ever admitted to
actually factoring a two large factor number of 1000 bits of larger.

I'd wish you luck, but since you're blackhatting this one, I wish you
bankruptcy by electrical bill.
Joe






* The RSA algorithm. You should know that there are some necessary things
for security that I've omitted in the description, this is for simplicity.
p,q large primes
n = p*q
e = 65537 mostly by convention, other values work wonderfully as well
d is from d*e = 1 mod (p-1)(q-1)

public key {e,n}
private key {d,n} although stroing additional values speeds computation

encryption
X = M^e mod n

decryption
M = X^d mod n

 | 
Pages: 1
Prev: Pi Computation Record
Next: Simple ways to throw off frequency analysis?