surrendering one's passphrase to authorities

Atom Smasher atom at
Wed Mar 4 01:11:31 CET 2009

On Tue, 3 Mar 2009, Robert J. Hansen wrote:

> Yes.  It's the same as the S2K in OpenPGP, last I checked -- which is 
> specifically designed to make brute forcers slow.
> Let's say the guy has a passphrase with 64 bits of entropy.  Assume you 
> have a massively distributed network and some truly cutting-edge math, 
> you could probably do it in two solid years of work.  The RC5 project on 
> took 18 months to do 64 bits, but RC5 wasn't designed to 
> be very slow to rekey.
> Now consider just how many 64-bit keys the US government would like to 
> crack.  It probably numbers in the millions.
> Now consider how high this guy's passphrase stands in the to-do list.

most people don't use pass-phrases that strong. in any case, we're talking 
about something that can realistically be broken in a reasonable amount of 
time (compared to several times the age of the universe) using real-world 
technology, not like trying to crack a messages that was intercepted on 
the wire, and encrypted with 4096 RSA or a 256bit twofish.


  762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808

 	"Human beings, who are almost unique in having the ability
 	 to learn from the experience of others, are also remarkable
 	 for their apparent disinclination to do so."
 		-- Douglas Adams, Last Chance to See

More information about the Gnupg-users mailing list