[OT] passphrases Was: Re: Allowing paste into pinentry-gtk-2?

Todd A. Jacobs codegnome.consulting+gnupg.org at gmail.com
Tue Apr 19 10:38:20 CEST 2011

On Mon, Apr 18, 2011 at 3:56 PM, Robert J. Hansen <rjh at sixdemonbag.org> wrote:
> To give you an example, RC5-64 was a giant distributed network of computers run by hobbyists using spare CPU cycles, trying to brute-force a 64-bit key.

There's still a big difference between trying to brute-force a
cryptographically-strong 64-bit key, and applying dictionary attacks
against against an English-based passphrase. If I recall correctly,
none of the attacks you mentioned attacked the passphrase protecting a
secret key (which is what we're talking about); rather, they were
attempts to recover plaintext in the *absence* of the secret key by
trying all possible decryption keys within the keyspace.

In short, I believe the context is different, and that passphrase
attacks against the secret key are vulnerable in a way that attacks on
ciphertext are not.

More information about the Gnupg-users mailing list