passphrase or random characters the safest

Ryan Malayter rmalayter at bai.org
Tue May 31 18:09:36 CEST 2005


Just to inject some practicality into the discussion, a pass phrase with
more than 64 bits of entropy is probably safe from all non-governmental
attackers. After all, it took distributed.net five years to crack 64-bit
RC5 using tens of thousands of machines.

Beyond 64 bits, attacks against the endpoint computers (keyboard
sniffers, etc.) and the key holder's body will be far more
cost-effective and attractive. The pass phrase would certainly not be
the weakest link in the security chain.

Using a 2311000-word Oxford English Dictionary (the latest count I found
on their web site), that's CEILING(64/log2(231100)) = 4 randomly
selected English words. Much easier to remember, and those four words
would actually provide 71+ bits of entropy. 

As 9/11 taught us, it's pointless to build ever-stronger defenses
against attacks we already know how to defeat. Our bomb-sniffing and
X-ray machines failed us when faced with a few fanatics carrying
box-cutters. It is the *new* avenues of attack that we must think about
and guard against. A 256-bit-strong OpenPGP pass phrase is pointless
when used on a machine compromised by a keyboard sniffer, or when used
to hide secrets from an attacker that is willing to torture the key
owner.

I recommend Bruce Schneier's latest books, _Secrets and Lies_ and
_Beyond Fear_, which have great discussions of *practical* security.

	-Ryan-
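
The arithmetic in the message above, as an added example that is not part of the original post: it applies the CEILING(64/log2(231100)) formula to any pool size and draws the words with a CSPRNG, since the entropy figure only holds for uniformly random selection. The 94-character printable-ASCII pool for "random characters" and the 16-word sample list are assumptions constructed for illustration.

```python
import math
import secrets

def units_needed(target_bits: float, pool_size: int) -> int:
    """Uniform random picks from pool_size items needed to reach target_bits."""
    if pool_size < 2:
        raise ValueError("pool must contain at least two distinct items")
    return math.ceil(target_bits / math.log2(pool_size))

def entropy_bits(count: int, pool_size: int) -> float:
    """Entropy of `count` independent, uniform picks from pool_size items."""
    return count * math.log2(pool_size)

def generate_passphrase(wordlist, target_bits=64):
    """Pick words with the OS CSPRNG; return (words, entropy in bits)."""
    # De-duplicate first: repeated entries would inflate the estimate
    # and skew the selection away from uniform.
    pool = sorted(set(wordlist))
    count = units_needed(target_bits, len(pool))
    words = [secrets.choice(pool) for _ in range(count)]
    return words, entropy_bits(count, len(pool))

# Constructed sample list (16 distinct words plus one duplicate), far too
# small for real use; it only shows how list size drives passphrase length.
SAMPLE_WORDS = [
    "anchor", "basil", "copper", "dune", "ember", "fjord", "garnet", "hazel",
    "ivory", "juniper", "kelp", "lantern", "mosaic", "nectar", "onyx", "pewter",
    "anchor",
]

if __name__ == "__main__":
    pools = (
        ("231100-word dictionary (figure from the post)", 231100),
        ("94 printable ASCII characters (assumption)", 94),
    )
    for label, size in pools:
        n = units_needed(64, size)
        print(f"{label}: {n} picks, {entropy_bits(n, size):.1f} bits")
    words, bits = generate_passphrase(SAMPLE_WORDS, 64)
    print(" ".join(words), f"({bits:.0f} bits from {len(words)} words)")
```

With only 16 distinct words each pick is worth 4 bits, so the same 64-bit target needs 16 words instead of 4.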



