GPG keys for multiple email accounts
Robert J. Hansen
rjh at sixdemonbag.org
Sun Jul 7 17:43:17 CEST 2013
On 07/07/2013 08:03 AM, Heinz Diehl wrote:
> Or the other way 'round: why use (waste?) a lot of bits on
> cryptography when it's much "easier" to bruteforce the
> password itself?
Nobody with two brain cells to rub together is going to try
brute-forcing either the crypto or your passphrase. Nobody. Let me
make it really clear: anyone who would try to do this would be such a
blistering moron that I don't feel the need to waste any time
considering how to defend against him.
Further, who cares if the number of bits in different parts of the
system aren't balanced? If I want 112 bits of effective protection, and
I use a passphrase with 128 bits of entropy to decrypt key material
shielded with AES-256, then I haven't "wasted" anything at all, nor is
my system "imbalanced." Instead, my system has a minimum of 16 bits of
safety at each step.
More information about the Gnupg-users
mailing list