GnuPG private key resilience against off-line brute-force attacks (was: Re: Backup of private key)

David Shaw dshaw at
Sat Nov 28 22:25:40 CET 2009

On Nov 28, 2009, at 12:37 PM, Robert J. Hansen wrote:

> David Shaw wrote:
>> Difficult question to answer, since everyone is going to wave around
>> their opinion. :)
> There are some empirical facts which may be useful, though -- like
> observing the RC5-64 project was able to break a 64-bit key via a
> massive distributed project that took 18 months of runtime.
> That's not a recommendation, just a data point which may be useful to
> people in making their own estimations.

That's sort of the problem, though.  There are countless facts that
can be brought to bear on this question, and each one, by itself, is
just an additional point which does not add very much to the perennial
question of key length.  The nice thing about the site
is that they (or rather the several research papers and guides that
comprise the site) gather together hundreds or more of individual
facts and - carefully showing their methodology so that others can
learn - do derive recommendations.


