Strength of passphrase encryption

Steve Butler sbutler at
Wed Nov 19 15:02:33 CET 2003

The flip side does give some hint to the strength of the encryption for the
private key.  In short, if you lose your passphrase, might as well kiss your
private key goodbye.  

-----Original Message-----
From: Mike Perry [mailto:mikepery at]
Sent: Wednesday, November 19, 2003 2:12 PM
To: gnupg-users at
Subject: Strength of passphrase encryption

I have a quick question. What algorithm does gpg use to encrypt your
private keyfile on your disk? Does it have any known classes of weak
keys? Can it be brute-forced quickly?  Obviously this depends on the
length of the passphrase, if it's dictionary based, etc. But independent
of these, is it an easily brute-forced cipher, or a slowly brute-forced

The reason I ask is that Linux's loop-aes and other encrypted file
systems allow you to use gpg to encrypt your actual filesystem key
with a special public key created just for your FS. When the FS is
mounted, you are prompted for your gpg password for that private key.

Thus the strength of the whole system essentially hinges on gpg's
ability to protect your private key after it has fallen into the wrong
hands. Was gpg designed with this possibility in mind? All the docs
essentially say to guard your private key with your life, so I worry
that the authors may have just assumed that if your key is stolen, all
is lost, and didn't bother to encrypt it effectively.


Mike Perry
Mad Computer Scientist evil labs

Gnupg-users mailing list
Gnupg-users at

CONFIDENTIALITY NOTICE:  This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information.  Any unauthorized review, use, disclosure or distribution is prohibited.  If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.

More information about the Gnupg-users mailing list