Other Directory Sites: SeekWonder | Directory Owners Forum
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:15:18
Mike Stay (staym@accessdata.com)
Thu, 01 Oct 1998 12:37:40 -0600
Steven soroka asked:
>Question.. How does PGP store its private keys that are encrypted with the passphrases? Is it a simple xor? Or is the passphrase hashed into a key and then xored? The reason I ask, is because I'm wondering, if I have more than one key pair... is there a security risk using the same passphrase? (other than compromise of one means compromise of the other). Is it possible for me to xor the two private keys together and retrieve the passphrase? (or the hash of the passphrase?)
> Thanks!
I just built a PGP secret keyring breaker. The keys are encrypted
symmetrically with IDEA, CAST128, or triple DES. The passphrase is
converted to a key using MD5 or SHA1 in one of three ways. The simple
string-to-key specifier (S2K) is just a hash of the passphrase. (This
hash is not stored; a 2-byte checksum of the encrypted data catches most
bad passphrases.) The salted S2K hashes 8 bytes of salt, then the
passphrase. The salted/iterated S2K has a byte count and hashes
salt+passphrase repeated as many times as is needed to get that number
of bytes.
Defaults for PGP 6 are CAST128, SHA1, salted/iterated, 65536 bytes. With
these defaults, you can't do much in the way of correllating information
from the two keys.
Defaults for PGP 2.x are IDEA, MD5, simple. With the same passphrase,
you can get an XOR of the two keys.
-- Mike Stay Cryptographer / Programmer AccessData Corp. mailto:staym@accessdata.com
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:15:18