Traveling without a secret key

Stefan Claas sac at 300baud.de
Wed Jul 8 13:33:22 CEST 2020


Andrew Gallagher wrote:
 
> Entropy checkers only provide an *estimate* of randomness, at best an upper bound. Once you know that someone has used a
> particular key expansion algorithm, the entropy estimate can go down dramatically. This is because randomness is a measure of
> ignorance, and new information changes the calculation (cf the Monty Hall problem).

Thanks for the info, much appreciated!

I must admit that I have not looked at how GnuPG saves passwords, or better, passphrases. I would assume
that GnuPG also does additional salting and/or stretching.

The question for me would be how those password-cracking databases store passwords when doing brute force.

Do they store the information like I do with my humble approach? I read years ago that, for example,
the NSA is capable of searching for seven billion passwords per second.

Additionally I could use my humble approach and tell people the following:

(Let's assume I would use 'Holidays Day 1, 2, 3 etc.') I could also tell them L or R 3 (delete 3 chars
at left or right from the strong string, and add 'house' and 'mouse' to the left and/or right).

This would then IMHO not match the database strings anymore, in case they look like my approach.

Regards
Stefan

-- 
my 'hidden' service gopherhole:
gopher://iria2xobffovwr6h.onion
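
An added illustration of the quoted point about entropy estimates (not code from either poster or from GnuPG): it assumes, hypothetically, that the 'strong string' is the hex SHA-256 of a phrase such as 'Holidays Day 1', then applies the L/R deletion and 'house'/'mouse' additions mentioned above. It compares what a character-frequency checker reports with the bits that remain once the scheme itself is known; all function names and sample values are constructed.

```python
import hashlib
import math
from collections import Counter

def naive_entropy_bits(s):
    """What a checker sees: Shannon estimate from character frequencies."""
    n = len(s)
    per_char = -sum(c / n * math.log2(c / n) for c in Counter(s).values())
    return per_char * n

def expand(phrase):
    """Assumed key expansion (not from the post): hex SHA-256 of the phrase."""
    return hashlib.sha256(phrase.encode()).hexdigest()

def tweak(s, cut_side, word_side, word):
    """Delete 3 chars at the left or right, then add a word at one side."""
    s = s[3:] if cut_side == "L" else s[:-3]
    return word + s if word_side == "L" else s + word

def candidates(phrases, days, words):
    """Every string the scheme can produce once the scheme is known."""
    out = set()
    for p in phrases:
        for d in days:
            base = expand(f"{p} {d}")
            for cut in "LR":
                for side in "LR":
                    for w in words:
                        out.add(tweak(base, cut, side, w))
    return out

# Constructed sample parameters for the illustration.
PHRASES = ["Holidays Day"]
DAYS = range(1, 31)
WORDS = ["house", "mouse"]

def actual_entropy_bits():
    """Upper bound on entropy when the algorithm and word lists are known."""
    return math.log2(len(candidates(PHRASES, DAYS, WORDS)))

if __name__ == "__main__":
    sample = tweak(expand("Holidays Day 1"), "L", "R", "mouse")
    print(f"checker estimate: {naive_entropy_bits(sample):.0f} bits")
    print(f"scheme known:     {actual_entropy_bits():.1f} bits")
```

The checker's figure depends only on how the output looks, while the second figure depends on how many inputs and tweak choices the scheme allows.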


