Strength of passphrase encryption

[Mike Perry]

I have a quick question. What algorithm does gpg use to encrypt your
private keyfile on your disk? Does it have any known classes of weak
keys? Can it be brute-forced quickly?  Obviously this depends on the
length of the passphrase, if it's dictionary based, etc. But independent
of these, is it an easily brute-forced cipher, or a slowly brute-forced
cipher?

The reason I ask is that Linux's loop-aes and other encrypted file
systems allow you to use gpg to encrypt your actual filesystem key
with a special public key created just for your FS. When the FS is
mounted, you are prompted for your gpg password for that private key.

Thus the strength of the whole system essentially hinges on gpg's
ability to protect your private key after it has fallen into the wrong
hands. Was gpg designed with this possibility in mind? All the docs
essentially say to guard your private key with your life, so I worry
that the authors may have just assumed that if your key is stolen, all
is lost, and didn't bother to encrypt it effectively.

Thanks,

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs