Why revoke a key?

Jean-David Beyer jeandavid8 at verizon.net
Tue Oct 11 15:41:51 CEST 2011


David Tomaschik wrote (in part):

> If you value your OpenPGP key, I would not trust it to 24 bits of 
> entropy.  My off-card backup of my key is protected by a 32-character
>  passphrase that I believe to be highly resistant to dictionary
> attack (and contains sufficient special characters that I believe its
> entropy to be close to the optimal 6.5 bits per symbol).  But perhaps
> I'm delusional.
> 
I do not know about delusional.

But in a sense, was it not unwise to tell me your passphrase length? I
will now set up my hypothetical exhaustive search cracker not to bother
with passphrases less than 32 characters or longer than 32 characters.
This reduces the size of the search space I must examine. Of course, the
shorter ones can be tested faster than the longer ones.

-- 
  .~.  Jean-David Beyer          Registered Linux User 85642.
  /V\  PGP-Key: 9A2FC99A         Registered Machine   241939.
 /( )\ Shrewsbury, New Jersey    http://counter.li.org
 ^^-^^ 09:35:01 up 4 days, 18:08, 4 users, load average: 5.13, 5.25, 5.22


