GPG keys for multiple email accounts

Robert J. Hansen rjh at
Sun Jul 7 17:43:17 CEST 2013

On 07/07/2013 08:03 AM, Heinz Diehl wrote:
> Or the other way 'round: why use (waste?) a lot of bits on
> cryptography when it's much "easier" to bruteforce the 
> password itself?

Nobody with two brain cells to rub together is going to try
brute-forcing either the crypto or your passphrase.  Nobody.  Let me
make it really clear: anyone who would try to do this would be such a
blistering moron that I don't feel the need to waste any time
considering how to defend against him.

Further, who cares if the number of bits in different parts of the
system aren't balanced?  If I want 112 bits of effective protection, and
I use a passphrase with 128 bits of entropy to decrypt key material
shielded with AES-256, then I haven't "wasted" anything at all, nor is
my system "imbalanced."  Instead, my system has a minimum of 16 bits of
safety at each step.

More information about the Gnupg-users mailing list