GnuPG private key resilience against off-line brute-force attacks (was: Re: Backup of private key)
Mario Castelán Castro
mariocastelancastro at gmail.com
Sat Nov 28 17:54:58 CET 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
November 28th for gnupg-users at gnupg.org thread "GnuPG private key
resilience against off-line brute-force attacks"
Entropy is a relative thing AFAIR:
For one who knows than a password was generated by using diceware the
entropy will be 7776^n + 7776^n-1 ... 7776^1 where n is the number of
words.
For one who knows the lenght of password the entropy will be 256^n
where n is the length. If it is know than it is english text entropy
would be (26+26+10)^n.
In contrast for one who do not know how password has been generated
the entropy will be as if it were a random one.
In short the apparent entropy of passowrds depends of how many the
atacker know of it.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEAREIAAYFAksRVbsACgkQZ4DA0TLic4iwsgCfSpBGgu2zIYTL98CTde7QgTBu
u9sAn3fgOtJhGoj4QTXgm6A1IjE+n4HU
=t1Dq
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list