surrendering one's passphrase to authorities
atom at smasher.org
Wed Mar 4 01:11:31 CET 2009
On Tue, 3 Mar 2009, Robert J. Hansen wrote:
> Yes. It's the same as the S2K in OpenPGP, last I checked -- which is
> specifically designed to make brute forcers slow.
> Let's say the guy has a passphrase with 64 bits of entropy. Assume you
> have a massively distributed network and some truly cutting-edge math,
> you could probably do it in two solid years of work. The RC5 project on
> distributed.net took 18 months to do 64 bits, but RC5 wasn't designed to
> be very slow to rekey.
> Now consider just how many 64-bit keys the US government would like to
> crack. It probably numbers in the millions.
> Now consider how high this guy's passphrase stands in the to-do list.
most people don't use pass-phrases that strong. in any case, we're talking
about something that can realistically be broken in a reasonable amount of
time (compared to several times the age of the universe) using real-world
technology, not like trying to crack a messages that was intercepted on
the wire, and encrypted with 4096 RSA or a 256bit twofish.
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
"Human beings, who are almost unique in having the ability
to learn from the experience of others, are also remarkable
for their apparent disinclination to do so."
-- Douglas Adams, Last Chance to See
More information about the Gnupg-users