GnuPG private key resilience against off-line brute-force attacks (was: Re: Backup of private key)

Ciprian Dorin, Craciun ciprian.craciun at gmail.com
Sat Nov 28 15:42:06 CET 2009


    (I'll try to start a new thread from the following quotes.)


On Sat, Nov 28, 2009 at 8:50 AM, Robert J. Hansen <rjh at sixdemonbag.org> wrote:
> Matt wrote:
>> If I had a sufficiently good passphrase, would Google returning my
>> secret key as the first hit result for every search for a day still be
>> secure?
>
> "Secure" is not a very good word to use.  It means so many different
> things to so many different people.  "Secure" really means "in
> accordance with my security policies" -- the use of the word is
> inherently subjective.


    Related to the same problem (strength of the secret key data
encryption measures), I've posted some months ago an email on the
scy.crypt Usenet group, but I didn't got a satisfactory (that is
factual) answer. (See below.)

    Maybe someone could clear this out (at least from GnuPG part). (My
original post was related with both GnuPG an OpenSSH).

~~~~~~~~~~ Original post:

    (I have a very basic question that to most of the persons reading
this news-group might seem trivial. But anyway...)

    My concern (as stated in the subject) is related to the security
strength of GnuPG and OpenSSH secret / private keys in the following
context:
    * the secret / private keys are encrypted by using a password that
only me (the owner) knows;
    * an attacker is in possession of my secret / private key files;
    * the attacker wants to gain access to the secret / private key
(thus being able to impersonate me);
    * the attacker chooses as attack method to brute-force the files
off-line, by trying to guess my password;
    * (by guessing the password I mean trying all possible passwords
that fit a given pattern; the password is not a dictionary word, but
instead is (truly) randomly created (i.e. DiceWare);)

    The question is: what does GnuPG or OpenSSH do to slow down
password brute-force? I mean does the password derivation function use
some iterations? If so how many? Can I configure them? I guess so but
I couldn't find any data on the net on a quick search. (Any references
are appreciated.)

    Also, how many bits of security should my password have in order
to withstand an attack from a small / medium enterprise? (Government
is out of the question as they could get access to my infrastructure
by force...)

    Thank you for your patience and your wisdom,
    Ciprian Craciun.



More information about the Gnupg-users mailing list