[OT] passphrases Was: Re: Allowing paste into pinentry-gtk-2?

Robert J. Hansen rjh at sixdemonbag.org
Tue Apr 19 07:07:21 CEST 2011


> I think a lot of this password philosophy is nonsense for most people. The only things that are likely to be brute-forced are Edge devices with some sort of tactical purpose. Average Joe user is more at risk from phishing or another social engineering tactic.

Tactical communications are at essentially zero risk for brute-forcing or cryptanalysis unless the key is ridiculously small or the cipher ridiculously simple.  By their very nature, tactical communications involve very short periods of time: "attack the beach at dawn" is a message that only needs to be secure until dawn.  By the time you break the crypto the traffic is no longer of value to you.

Strategic communications are at huge risk for brute-forcing.  "If you agree to sell us oil at $4 below market rate for the next 30 years, we will look the other way as you annex Berzerkistan" is the kind of communication that needs to be kept secret for decades.  That means all different kinds of cryptanalysis and brute force become feasible.




More information about the Gnupg-users mailing list