gnupg encrypted mail and malware/spam

Ingo Klöcker
Sun May 11 23:55:03 2003


On Sunday 11 May 2003 22:11, Thomas Scheffczyk wrote:
>   Just a remark: If a password is just composed of upper and
> lowercase alphabetic characters and digits it has an 'entropy' of about
> 70/255, with all directly accessible characters about 90/255. So an
> 'average' 8 character long password is comparable with a 16 to 24 bit
> symmetric key. Knowing this, even a brute force attack can be
> amazingly successful against 'real' passwords. But this leads to a
> new question that I would like to ask in a new thread: user chosen
> or generated passwords - what is more secure?

Well, of course generated passwords are more secure against being broken by
outsiders. OTOH, insiders might easily be able to break such passwords
because often the passwords can be found under the keyboard or on the
monitor. The best solution is the usage of smartcards. Then the secret
key can't be compromised because it never leaves the smartcard.

