How secure is GnuPG

Ryan Malayter rmalayter@bai.org
Tue Jul 23 23:53:02 2002


From: Daniel Carrera [mailto:dcarrera@math.toronto.edu]
>Have I made a mistake somewhere here?

Maybe. Any group of English words, even the first letters of the words of a
sentence, are a *lot* more ordered than random characters. For example,
many times more English words start with C than with X, and most
sentences begin with an article or other short word like "the". Your
suggestion would be a very bad method of selecting random characters.

If you want 128 bits of security from a random combination of the 95
non-whitespace characters typeable on a U.S. keyboard, you need just 20
characters. But you need to use an ASCII chart and dice or another truly
random source to pick the letters well.

For example, this passphrase has ~131 bits of true entropy (truly random
ASCII numbers taken from www.random.org):
@=`GFXV601Sl`t_(%RQd

Certainly secure, but I don't think I could remember that, or type it
accurately. If you used DiceWare instead, this would be a passphrase of
10 randomly chosen English words, all lower case. Definitely longer, but
easier to remember and type correctly.

I personally think that using a 128-bit passphrase is overkill, as
any passphrase of around 80 bits (13 random chars/7 DiceWare words)
is out of reach for the foreseeable future. It's taken distributed.net
more than 4 years with hundreds of thousands of computers to brute-force
a 64-bit RC5 key, and the algorithms involved in passphrase hashing are
much slower than RC5 key setup.

	-ryan-
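
The arithmetic behind the figures in the message above, as an added example that is not part of the original post. It assumes the 95-character alphabet is printable ASCII 0x20 to 0x7E, that a Diceware list has 6^5 = 7776 words, and uses a constructed sample sentence to show how skewed first letters are; all function names are illustrative.

```python
import math
import secrets
from collections import Counter

PRINTABLE = [chr(c) for c in range(32, 127)]   # assumed 95-character alphabet
DICEWARE_LIST_SIZE = 6 ** 5                    # 7776 words: five dice rolls per word

def bits_per_symbol(alphabet_size):
    """Entropy per symbol when every symbol is equally likely."""
    return math.log2(alphabet_size)

def symbols_needed(target_bits, alphabet_size):
    """Smallest number of uniformly chosen symbols reaching target_bits."""
    return math.ceil(target_bits / bits_per_symbol(alphabet_size))

def random_passphrase(length, alphabet=PRINTABLE):
    """Pick each character independently and uniformly from the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))

def first_letter_entropy(text):
    """Empirical Shannon entropy (bits/letter) of the words' first letters."""
    initials = [w[0].lower() for w in text.split() if w[0].isalpha()]
    total = len(initials)
    counts = Counter(initials)
    return -sum(n / total * math.log2(n / total) for n in counts.values())

# Constructed sample sentence, used only to show the skew of first letters.
SAMPLE = ("the quick answer is that the first letters of the words in a "
          "sentence are not at all the same thing as random characters")

if __name__ == "__main__":
    for bits in (80, 128):
        print(bits, "bits:", symbols_needed(bits, len(PRINTABLE)), "chars or",
              symbols_needed(bits, DICEWARE_LIST_SIZE), "Diceware words")
    print("example 20-char passphrase:", random_passphrase(20))
    print("bits/char, uniform over 95: %.2f" % bits_per_symbol(95))
    print("bits/letter, sample initials: %.2f" % first_letter_entropy(SAMPLE))
```

The per-letter figure for sentence initials can never exceed log2(26), about 4.7 bits, and a real sentence falls well below that, so a passphrase built that way needs far more characters than a uniformly random one for the same strength.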