Options to revoke a key

Atom 'Smasher' atom-gpg at suspicious.org
Sun Oct 26 22:00:04 CET 2003

> [Please honour my Mail-Followup-To header; I'm subscribed to the list,
> and list followups don't need to Cc me.]
sorry about that...

> > > As far as the software is concerned, someone who has lost their
> > > passphrase is indistinguishable from someone who never knew it.
> >
> > although, if you remember pieces of it, then you do (in theory) have
> > an advantage over anyone else who might try to brute-force it.... with
> > the pieces that you know, and some programming, it still may not be
> > feasible to crack your own password.
> Which is indistinguishable to the software; it doesn't matter, as far as
> the algorithm is concerned, how much knowledge you have if you're
> brute-forcing passwords.

all i'm saying is that (hypothetically) someone who knows that a password
starts with a lowercase "abc", ends with a capital "XYZ", and has a total
of 8 alpha-numeric characters, then they should be able break the password
*MUCH* faster than someone who does not have that much information...
they've just reduced the size of the attack from unknown, to 62^2, or just
under 12 bits of attack space.

on the other hand, if one party knows that the password contains the
string "abc", that doesn't really help much... the password could be
"abc123", or it could be "!5mZR?abc+dHu3RfEz"

depending on how much information is known about the password, and how
well that information can be applied to the problem via a cracking
program, the information could significantly reduce the size of the
password space... instead of a password that has a 0.5 chance of being
cracked before the earth crashes into the sun, an attacker may have a 0.5
chance of cracking it before dinner (in this context, an attacker may be
the legitimate owner of the password).


PGP key - http://smasher.suspicious.org/pgp.txt
3EBE 2810 30AE 601D 54B2 4A90 9C28 0BBF 3D7D 41E3

	"The more corrupt the state, the more numerous the laws."
		-- Tacitus (A.D. 55?-130?)

More information about the Gnupg-users mailing list