I'm studying the PGP (and GPG) documentation. As is known, one of the major
(and known, of course) risks is a dictionary attack on a (stolen) private
secret keyring. It is written everywhere that this type of attack is very
easy to do (if somebody gets my keyring), but I can't find any documents
about this type of attack.
I have the GPG sources, but this didn't help me. Can anybody send me a
link to this type of documentation?
Thanks
Michal
--
Michal Vymazal
vymazal at secunet dot cz
It's not that easy to do, especially if the iterated and salted S2K
method is used (section 3.6.1.3 of RFC 2440). If you're dumb enough to
use just salted S2K or even simple S2K, then you deserve what you get
(and don't even get me started about unprotected secret keys).
> I have the GPG sources, but this didn't help me. Can anybody send me a
> link to this type of documentation?
Sounds to me like you don't know what a dictionary attack is, so start
here: <http://en.wikipedia.org/wiki/Dictionary_attack>
--
___ _ _____ |*|
/ __| |/ / _ \ |*| Shawn K. Quinn
\__ \ ' < (_) | |*| skq...@speakeasy.net
|___/_|\_\__\_\ |*| Houston, TX, USA
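
Added example, not part of the original posts and not GnuPG's code: the simple, salted, and iterated and salted S2K variants from RFC 2440 section 3.6.1, showing how many octets must be hashed for each passphrase guess. The passphrase, salt and coded count 96 are constructed sample values, and the function names are hypothetical.

```python
import hashlib

def decode_count(c):
    """Expand the one-octet coded count (RFC 2440, section 3.6.1.3)."""
    return (16 + (c & 15)) << ((c >> 4) + 6)

def octets_hashed(passphrase, salt=b"", coded_count=None):
    """Octets fed to the hash for one passphrase guess."""
    n = len(salt) + len(passphrase)
    return n if coded_count is None else max(decode_count(coded_count), n)

def s2k(passphrase, key_len, salt=b"", coded_count=None, hash_name="sha1"):
    """Simple (no salt), salted (salt only) or iterated and salted S2K."""
    data = salt + passphrase
    if not data:
        raise ValueError("empty passphrase and salt")
    full, rest = divmod(octets_hashed(passphrase, salt, coded_count), len(data))
    key, context = b"", 0
    while len(key) < key_len:
        h = hashlib.new(hash_name)
        h.update(b"\x00" * context)  # context n is preloaded with n zero octets
        for _ in range(full):
            h.update(data)
        h.update(data[:rest])
        key += h.digest()
        context += 1
    return key[:key_len]

if __name__ == "__main__":
    pw = b"correct horse battery"             # constructed sample passphrase
    salt = bytes.fromhex("0102030405060708")  # constructed 8-octet salt
    for label, s, c in (("simple", b"", None), ("salted", salt, None),
                        ("iterated+salted", salt, 96)):
        print(label, octets_hashed(pw, s, c), s2k(pw, 16, s, c).hex())
```

Simple S2K gives the same key for the same passphrase on every keyring, salted S2K makes the key unique per keyring at no extra cost per guess, and only the iterated form multiplies the hashing work for every guess.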
--
Michal Vymazal
vymazal at secunet tecka cz
Yeah basically don't let someone get ahold of your secret key, lol.
Or have a really good password.
Anything susceptible to dictionary attack deserves to get cracked in the
first place, lol.
>
>Yeah basically don't let someone get ahold of your secret key, lol.
>
>Or have a really good password.
>
>Anything susceptible to dictionary attack deserves to get cracked in the
>first place, lol.
Okay, what the heck is a dictionary attack? Suppose my password is
"droptrashcanterminateacidradiohotel". Can a dictionary attack crack this
password? If so, how does it work?