[Q] Diceware password size
Werner Koch
wk@gnupg.org
Wed May 28 09:46:01 2003
On Tue, 27 May 2003 17:55:39 -0400, Daniel Carrera said:
> I mean, if it's so easy to grab the passphrase as you say it is, why
> bother with GnuPG at all?
GnuPG protects quite well against any non-targeted attack,
e.g. Echelon. If you don't use a networked machine and instead copy
your messages using a floppy disk to a networked machine (encrypted)
it should also give a good security against any remote direct targeted
attack.
> software-based attacks. I already use Unix/Linux where viruses and worms
> are less common, and I don't generally install software from unknown
I would not count on this. For a skilled and motivated attacker or a
government it should be easy to identify an exploitable bug in any
involved software (OS or any of the installed applications) and keep
that bug secret for their own use.
--
Nonviolence is the greatest force at the disposal of
mankind. It is mightier than the mightiest weapon of
destruction devised by the ingenuity of man. -Gandhi