surrendering one's passphrase to authorities
Atom Smasher
atom at smasher.org
Wed Mar 4 01:11:31 CET 2009
On Tue, 3 Mar 2009, Robert J. Hansen wrote:
> Yes. It's the same as the S2K in OpenPGP, last I checked -- which is
> specifically designed to make brute forcers slow.
>
> Let's say the guy has a passphrase with 64 bits of entropy. Assume you
> have a massively distributed network and some truly cutting-edge math,
> you could probably do it in two solid years of work. The RC5 project on
> distributed.net took 18 months to do 64 bits, but RC5 wasn't designed to
> be very slow to rekey.
>
> Now consider just how many 64-bit keys the US government would like to
> crack. It probably numbers in the millions.
>
> Now consider how high this guy's passphrase stands in the to-do list.
==================
most people don't use pass-phrases that strong. in any case, we're talking
about something that can realistically be broken in a reasonable amount of
time (compared to several times the age of the universe) using real-world
technology, not like trying to crack a messages that was intercepted on
the wire, and encrypted with 4096 RSA or a 256bit twofish.
--
...atom
________________________
http://atom.smasher.org/
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------
"Human beings, who are almost unique in having the ability
to learn from the experience of others, are also remarkable
for their apparent disinclination to do so."
-- Douglas Adams, Last Chance to See
More information about the Gnupg-users
mailing list