On Mar 3, 2009, at 6:04 PM, Atom Smasher wrote:
On Tue, 3 Mar 2009, David Shaw wrote:
This article caught my eye. One of the things that I gleaned from
the article is that it's obvious that law enforcement (at this
level) does not have the ability to brute-force crack PGP
encrypted data. Instead, the courts are attempting to force the
surrender of the passphrase.
Well, maybe. It's also possible that law enforcement does have the
ability to get into the encrypted data (by some means - I doubt
brute force), but does not want the knowledge of that ability to be
made public.
===================
i would think the FBI (presuming that they're involved) would be
able to brute-force a pass-phrase in less than a year. they have the
disk, so in all likelihood the weakest link in the chain is the pass-
phrase (and that's assuming that there's no cache/tmp files that are
not encrypted).
Good point. I was thinking about the session key, which is basically
brute forcing proof. The passphrase would indeed be an easier attack.
The lawyer discussion I posted (http://volokh.com/posts/chain_1197670606.shtml
) suggests that law enforcement did try to "guess" (his word) the
passphrase. Guessing could be anything from trying two or three
passphrases before giving up to running a list of common passphrases
against it. For all we know, they're still running the passphrase
guesser right now.
David
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
