Password Recovery: Fact or Fiction?
05 Apr, 2006

I suppose it's a sign of just how ubiquitous PGP encryption has become that we now have companies developing products to allow for the "recovery" of lost passwords. These types of products have been around a long time, but we are just now seeing the companies that publish them claim "PGP compatibility"... meaning you could conceivably decrypt a PGP-encrypted message with them.

Although password recovery products are typically positioned as an alternative to what cryptologists refer to as brute force attacks, the fact is that they are little more than a multiprocessor version of applications that generate such attacks. Basically, these products attempt to guess the password or passphrase that protects the PGP key used to encrypt user information. (I'm greatly simplifying here, but this is the basic process.) By distributing this task among a larger number of CPUs on a network and coordinating their output, you can (theoretically) greatly reduce the amount of time required to find a given password and, consequently, decrypt the file or message in question.

Modern encryption products such as PGP solutions tend to measure the length of time it takes to find the correct passphrase in "CPU years" or the number of years it would take a single processor to find the correct password. I won't go into the details here of how PGP solutions protect user passwords (I'll leave that to Jon Callas, CTO and Chief Security Officer of PGP Corporation), but I can tell you we have a very good idea of how much time it would take to find a passphrase using one of these password-recovery products.

Using a five-letter password, it would take the newest network-based password-recovery products running on current-generation hardware about 22 CPU years to find the correct string to open a PGP-encrypted message or file. Increasing your password to six characters (letters and numbers) more than quadruples this figure. Go to seven characters and the average time required to find the correct password is nearly 7,000 CPU years.

This is one of the reasons we advise our users to never use five- or even six-character passwords. It's also the reason that when we ask our users to create what we call a "passphrase," we put up a box big enough for a paragraph. We also rate the "quality" of the passphrase with an indicator that improves with the length and combination of letters, numbers, and characters used.

The primary thing to keep in mind about this type of cryptanalysis tool is that it only works if we, the users of security products, are careless in choosing our passwords. Besides always using a password or passphrase that's seven characters or longer, you should never use anything that resembles your name, the name of your spouse, dog, or company. As Jon likes to say, "Don't. Just don't."

So, although I'm flattered the password-recovery vendors believe they can materially improve their fortunes by including "support" for PGP encryption, I'm confident our solutions are more than secure enough to protect your confidential information when they are correctly used. Our ongoing commitment to public review of PGP algorithms and publication of our source code is undiminished. We reap significant benefits from having the best cryptologists in the world review (and attempt to crack) our solutions. The current password-recovery products, although interesting exercises in network computing, do not pose a serious threat to the security PGP solutions provide our users.

- Phil