[Q] Diceware password size

Werner Koch wk@gnupg.org
Wed May 28 09:46:01 2003

On Tue, 27 May 2003 17:55:39 -0400, Daniel Carrera said:

> I mean, if it's so easy to grab the passphrase as you say it is, why 
> bother with GnuPG at all?

GnuPG protects quite well against any non-targeted attack,
e.g. Echelon.  If you don't use a networked machine and instead copy
your messages using a floppy disk to a networked machine (encrypted)
it should also give a good security against any remote direct targeted

> software-based attacks.  I already use Unix/Linux where viruses and worms 
> are less common, and I don't generally install software from unknown 

I would not count on this.  For a skilled and motivated attacker or a
government it should be easy to identify an exploitable bug in any
involved software (OS or any of the installed applications) and keep
that bug secret for their own use.

  Nonviolence is the greatest force at the disposal of
  mankind. It is mightier than the mightiest weapon of
  destruction devised by the ingenuity of man. -Gandhi