On Sun, Jun 13, 2004 at 07:23:49AM -0700, William Ballard wrote:
> Assuming I have a good sized key with a really, really good passphrase,
> how easy will it be to crack GnuPG encryption if the cracker has access
> to the Private Key?
>
> [Believe it or not, I have a port of GnuPG that runs as a command line
> app on a PocketPC. Right now I can't think of a convenient way to keep
> the Private key off the device, it can't use a USB keychain.]

I don't really know how much easier it will be, but I do know that it'll be much easier than NOT having your private key.

Two alternatives are to have a separate key at home, and every time you encrypt something TO your PocketPC key, also encrypt it to your other private key. Then as soon as you've read it on your PocketPC, delete it and store a copy at home. Any time you encrypt something FROM your PocketPC, don't encrypt it to the local key. Only to the receiving key and possibly your home key. That'll give you MORE protection than just using everything normally, but much as with GnuPG itself, nothing will ever give you FULL protection.

The other option is to use just about ANY type of removable storage. Can you use any sort of memory cards/sticks with the device? Anything that will allow you to keep the key separate from the device is a good thing. If you have internet access on the device and you can establish some sort of a good secure connection between the device and a server (somehow I doubt the PocketPC supports VPN), then you can just download the private key when you need it and delete it right after that.

With all of the above said, keep in mind that encryption is not about making your data impossible to read. It's about making it DIFFICULT enough that no one will put in the required amount of time and resources to break it. The opposite is also true, however. If you make it too difficult for YOURSELF to use the encryption, you'll stop using it, in which case it's the same as someone having cracked your private key.

-- 
Alex Malinovich
Support Free Software, delete your Windows partition TODAY!
Encrypted mail preferred. You can get my public key from any of the
pgp.net keyservers. Key ID: A6D24837
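
The two-key arrangement described in the reply above, as an added example that is not part of the original thread: it encrypts to explicit recipients and checks from the packet listing which keys can open each message. It assumes GnuPG 2.1 or later; the three `@example.invalid` identities and the file names are placeholders.

```shell
#!/bin/sh
# Constructed demo: throwaway, passphrase-less keys in a temporary keyring.
# device@/home@/peer@example.invalid are placeholder identities.
setup_keys() {
  GNUPGHOME=$(mktemp -d); export GNUPGHOME; chmod 700 "$GNUPGHOME"
  for uid in device@example.invalid home@example.invalid peer@example.invalid; do
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "$uid" default default never
  done
  echo 'constructed test message' > "$GNUPGHOME/msg.txt"
}

# enc OUTFILE RECIPIENT...  (--no-encrypt-to ignores any encrypt-to line in
# gpg.conf, so the recipient list is exactly the one given here)
enc() {
  out=$1; shift; rcpts=
  for r in "$@"; do rcpts="$rcpts -r $r"; done
  gpg --batch --yes --quiet --trust-model always --no-encrypt-to \
      $rcpts -o "$out" -e "$GNUPGHOME/msg.txt"
}

# Number of public-key session-key packets, i.e. keys able to decrypt FILE.
recipient_count() {
  gpg --batch --list-packets "$1" 2>/dev/null | grep -c '^:pubkey enc packet'
}

# Key ID of the encryption subkey belonging to USER-ID.
enc_subkey() {
  gpg --batch --with-colons --list-keys "$1" | awk -F: '$1 == "sub" { print $5; exit }'
}

# addressed_to FILE USER-ID -> prints yes or no
addressed_to() {
  if gpg --batch --list-packets "$1" 2>/dev/null | grep -q "keyid $(enc_subkey "$2")"
  then echo yes; else echo no; fi
}

setup_keys
# Mail TO the handheld: device key plus home key.
enc "$GNUPGHOME/inbound.gpg" device@example.invalid home@example.invalid
# Mail FROM the handheld: receiving key plus home key, never the device key.
enc "$GNUPGHOME/outbound.gpg" peer@example.invalid home@example.invalid
echo "inbound recipients:  $(recipient_count "$GNUPGHOME/inbound.gpg")"
echo "outbound recipients: $(recipient_count "$GNUPGHOME/outbound.gpg")"
echo "device key can read outbound: $(addressed_to "$GNUPGHOME/outbound.gpg" device@example.invalid)"
```

The temporary keyring is left in place under `$GNUPGHOME` for inspection; remove the directory when done.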