Interesting article on password guessing via cloud computing

Hardeep Singh hs2412 at
Sat Nov 14 16:02:25 CET 2009

Hi David Vedaal and everyone

This is something even I have thought: this seems to be a sure way to
prevent such computing from being able to 'guess' the password. Why is
then, parallel computing being haled as the antidote to privacy?

Hardeep Singh
Sent from Delhi, India

On Thu, Nov 5, 2009 at 8:35 PM,  <vedaal at> wrote:
> David Shaw <dshaw () jabberwocky ! com>
> wrote on 2009-11-04 18:34:49 :
>>This is not, of course, an OpenPGP "crack", but rather high-speed
>>password guessing.
> a trivial way to defeat this,
> would be to provide each client with a pgp keypair,
> (physically presented to the client upon the initial transaction
> agreement),
> and then encrypt the zipfile to a key and not even use a passphrase
> what would be even more interesting,
> is if it could be done in a way that truecrypt uses to protect its
> encrypted volumes, where the user can choose to use a keyfile as
> well as a passphrase, but it cannot be determined before decryption
> if a keyfile, passphrase, both or only one,  has been used
> so, imagine if a client has a zipfile encrypted to both a trivial
> password and to a pgp key, and it is not determinable from the
> encrypted file itself, if it was encrypted to a key as well,
> all the cloud computing resources available will merrily spin
> themselves into exhaustion ubtil they decide that the passphrase is
> 'probably too long and complex to crack'
> vedaal
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at

More information about the Gnupg-users mailing list