gnupg encrypted mail and malware/spam

Ingo Klöcker ingo.kloecker@epost.de
Sun May 11 23:55:03 2003


On Sunday 11 May 2003 22:11, Thomas Scheffczyk wrote:
> Just a remark: If a password is just composed of upper and
> lowercase alphabetic characters and digits it has an 'entropy' of about
> 70/255, with all directly accessible characters about 90/255. So an
> 'average' 8 character long password is comparable with a 16 to 24 bit
> symmetric key. Knowing this, even a brute force attack can be
> amazingly successful against 'real' passwords. But this leads to a
> new question that I would like to ask in a new thread: user-chosen
> or generated passwords - what is more secure?

Well, of course generated passwords are more secure against being broken by
outsiders. OTOH, insiders might easily be able to break such passwords
because often the passwords can be found under the keyboard or on the
monitor. The best solution is the usage of smartcards. Then the secret
key can't be compromised because it never leaves the smartcard.

Regards,
Ingo

