On 18 Sep 2000 03:43 Andrew So Hing-pong wrote:
>I have a problem about security that make me feel confusing.
>In SSL, it talks about 128 bit encrypted. But in PGP,
>it uses 1024 bits for encrytion. At all, which one is more
>security. Pls explain it or give me some links to find out.
>thanks,
PGP generates a 128bit key for one time use with this message (session
key).
PGP encrypts the message using the 128bit session key.
The 128bit session key is then encrypted using the recipient's large
(1024bit) public key.
The message and the session key are then sent to the recipient in a single
message.
The recipient's PGP uses his 1024bit private key to decrypt the 128bit
session key.
PGP then uses the 128bit session key to decrypt the message data.
SSL does something very similar when setting up the encrypted session. A
128bit session key is generated and transferred using a larger public key. Then
the encrypted session is conducted using the 128bit session key.
This is a little simplified, but it should answer your question.
--
Anthony E. Greene <[EMAIL PROTECTED]> <http://www.pobox.com/~agreene/>
PGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D
AIM: TonyG05 ICQ: 91183266/TonyGreene Jabber: TonyGreene
Linux. The choice of a GNU Generation. <http://www.linux.org/>
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
