surrendering one's passphrase to authorities

Robert J. Hansen rjh at
Wed Mar 4 00:40:18 CET 2009

Atom Smasher wrote:
> i would think the FBI (presuming that they're involved) would be able to
> brute-force a pass-phrase in less than a year. they have the disk, so in
> all likelihood the weakest link in the chain is the pass-phrase (and
> that's assuming that there's no cache/tmp files that are not encrypted).
> does anyone know details about PGPDisk's string-to-key algorithm(s)?

Yes.  It's the same as the S2K in OpenPGP, last I checked -- which is
specifically designed to make brute forcers slow.

Let's say the guy has a passphrase with 64 bits of entropy.  Assume you
have a massively distributed network and some truly cutting-edge math,
you could probably do it in two solid years of work.  The RC5 project on took 18 months to do 64 bits, but RC5 wasn't designed to
be very slow to rekey.

Now consider just how many 64-bit keys the US government would like to
crack.  It probably numbers in the millions.

Now consider how high this guy's passphrase stands in the to-do list.

More information about the Gnupg-users mailing list