GnuPG private key resilience against off-line brute-force attacks (was: Re: Backup of private key)
David Shaw
dshaw at jabberwocky.com
Sat Nov 28 22:25:40 CET 2009
On Nov 28, 2009, at 12:37 PM, Robert J. Hansen wrote:
> David Shaw wrote:
>> Difficult question to answer, since everyone is going to wave around
>> their opinion. :)
>
> There are some empirical facts which may be useful, though -- like
> observing the RC5-64 project was able to break a 64-bit key via a
> massive distributed project that took 18 months of runtime.
>
> That's not a recommendation, just a data point which may be useful to
> people in making their own estimations.
That's sort of the problem, though. There are countless facts that
can be brought to bear on this question, and each one, by itself is
just an additional point which does not add very much to the perennial
question of key length. The nice thing about the keylength.com site
is that they (or rather the several research papers and guides that
comprise the site) gather together hundreds or more of individual
facts and - carefully showing their methodology so that others can
learn - do derive recommendations.
David
More information about the Gnupg-users
mailing list