Which release should we be using?
Aaron Toponce
aaron.toponce at gmail.com
Fri Aug 26 17:35:06 CEST 2011
On 08/22/2011 07:47 PM, Anthony Papillion wrote:
> My passphrases are
> stored in a Keepass database that resides in a TrueCrypt container. It's
> protected well. My actual key is protected by a 62 character passphrase
> that I'd like to cut and paste into GPG.
Personally, I use https://passwordcard.org. The passwords are stored in
plaintext, on a card, in my wallet. It's protected well, 100% portable,
and should it fall into the wrong hands, it's useless.
Also, 62-character passphrase might be a bit extreme, giving you a
false-sense of security. Using a truly random sequence of characters
from the 94-printable ASCII pool of characters, a 12-character
passphrase provides you with about 78-bits of entropy. If you think
that's crackable in relatively short time, head over to
http://stats.distributed.net. They are working on cracking a 72-bit key,
at over 311 billion keys per second. In order to exhaust the entire
pool, it will take them nearly 500 years.
Of course, http://xkcd.com/538 says it best.
--
. o . o . o . . o o . . . o .
. . o . o o o . o . o o . . o
o o o . o . . o o o o . o o o
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 591 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20110826/ffedc375/attachment.pgp>
More information about the Gnupg-users
mailing list