Theoretical and maybe stupid questions about security

Robert J. Hansen rjh at
Wed Nov 20 22:55:18 CET 2013

> I wonder how easily my private key(s) ('secring.gpg') can be cracked
> once somebody gets access to it.

No one with two brain cells to rub together will try brute-forcing a  
strong passphrase.  No one.  Assuming your passphrase is strong you  
could publish your secret key in the _New York Times_ and still be  
completely confident in the security of your communications.

> Q: Is the password stored as a hash and can it be cracked using Rainbow
> Tables? Is it maybe salted?

The passphrase isn't stored as a hash, so much as the passphrase is  
hashed (many, many times -- with salt) and the output is used to  
attempt to decrypt the secret key.  The passphrase is never stored,  
though, either in plaintext or in hashed form.
