Secret key storage question

David Shaw dshaw at
Tue Jun 18 19:53:02 CEST 2002

On Tue, Jun 18, 2002 at 10:21:08AM -0400, Gordon Worley wrote:
> When secret keys are stored in GnuPG, how much does the passphrase 
> protect them?
> I'm trying to figure out a couple of things.  For example, if the 
> passphrase is being used to keep the secret keys unreadable, then am I 
> correct in thinking that your passphrase should be the same length as 
> the key it's protecting so that a brute force attack on either would 
> take just as long?

You actually have four factors (not two):

1) The length of the key you are protecting.
2) The strength of the algorithm you are protecting the key with
   (the protection algorithm).
3) The strength of the hash algorithm and method you are using to make
   your passphrase into a key for #2.
4) The strength of your passphrase.

"Breaking" any of these items gives an attacker the secret key.  It
doesn't matter much if one factor is weaker than the others (say,
using a very strong S2K algorithm to protect a very small key).  You
just need to make sure that the weakest link in the chain is strong
enough.  #1-3 are generally so strong that in pretty much all
practical uses, the weakest link by far is the passphrase.


   David Shaw  |  dshaw at  |  WWW
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson

More information about the Gnupg-devel mailing list