private key protection

Werner Koch wk at
Mon Jun 25 17:44:07 CEST 2012

On Mon, 25 Jun 2012 17:08, Lists.gnupg at said:

> cracking the symmetric encryption used to protect the private key is
> comparable to the problem of cracking an encrypted message's session
> key. 

No, it is not.  The entropy in a session key matches the size of the
session key.  The key used to protect the private key is commonly much
weaker.  A passphrase providing an adequate amount of entropy is not
useful because a user won't be able to remember it correctly.  Further,
a brute force attempt on the protected private keys needs to be done
only once, whereas it has to be done for each encrypted message, if you
want to target the session key.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-users mailing list