[Q] Diceware password size

[Werner Koch]

On Tue, 27 May 2003 17:55:39 -0400, Daniel Carrera said:

> I mean, if it's so easy to grab the passphrase as you say it is, why 
> bother with GnuPG at all?

GnuPG protects quite well against any non-targeted attack,
e.g. Echelon.  If you don't use a networked machine and instead copy
your messages using a floppy disk to a networked machine (encrypted)
it should also give a good security against any remote direct targeted
attack.

> software-based attacks.  I already use Unix/Linux where viruses and worms 
> are less common, and I don't generally install software from unknown 

I would not count on this.  For a skilled and motivated attacker or a
government it should be easy to identify an exploitable bug in any
involved software (OS or any of the installed applications) and keep
that bug secret for their own use.


-- 
  Nonviolence is the greatest force at the disposal of
  mankind. It is mightier than the mightiest weapon of
  destruction devised by the ingenuity of man. -Gandhi