key security
Trevor Smith
Trevor Smith" <trevor@haligonian.com
Wed Apr 10 05:24:01 2002
On Tue, 9 Apr 2002 18:14:23 -0700, (null) wrote:
>Assuming GPG's hash is sound: If a passphrase consists of _truly_ random
>characters from, say, a set of 64 printable characters such as the ones
>used for Base64 encoding, then each character contributes log_2(64) ==
>6 bits to the entropy of the passphrase. So a 22-character passphrase
>using this approach represents 132 bits of entropy; thus at this point
>the passphrase is not the weak link in a 128 bit cryptosystem.
Sorry, as a non-technical user, I'm still at a loss.
A scenario:
1. you have my private key but not my passphrase
2. my passphrase is:
AGbaka-g92kLA.ba29bskt2blb992asjg.220tu0-ut\]ablb292a[B<><?919GU
(or something similar)
3. my key size is 1024
4. you have a message encrypted with my public key
Which is easier:
A. crack my passphrase (brute force?) to get to my private key or
B. attack the message itself, ignoring the private key?
What if my key size is 2048? 4096?
--
Trevor Smith | trevor@haligonian.com