Theoretical and maybe stupid questions about security
dshaw at jabberwocky.com
Wed Nov 20 21:37:53 CET 2013
On Nov 20, 2013, at 1:21 PM, Josef G. Bauer <Josef.Bauer at web.de> wrote:
> I wonder how easily my private key(s) ('secgring.gpg') can be cracked
> once somebody get access to it.
Not at all easily, *if* you have a good passphrase on your private key(s).
> Q: Is the password stored as an hash and can it be cracked using Rainbow
> Tables? Is it maybe salted?
In OpenPGP, a S2K (string-to-key) algorithm is used, where the passphrase entered by the user is hashed multiple times (with added salt) to transform it into the key used to decrypt the secret key.
More information about the Gnupg-users