GnuPG private key resilience against off-line brute-force attacks (was: Re: Backup of private key)

Robert J. Hansen rjh at
Sat Nov 28 18:37:16 CET 2009

David Shaw wrote:
> Difficult question to answer, since everyone is going to wave around
> their opinion. :)

There are some empirical facts which may be useful, though -- like
observing the RC5-64 project was able to break a 64-bit key via a
massive distributed project that took 18 months of runtime.

That's not a recommendation, just a data point which may be useful to
people in making their own estimations.

More information about the Gnupg-users mailing list