Fwd: The GnuPR FAQ

LisToFacTor listofactor at mail.ru
Tue May 12 11:46:13 CEST 2020

On 5/11/20 10:11 PM, Robert J. Hansen - rjh at sixdemonbag.org wrote:
> This arrived in my inbox: I'm presenting it here without comment. 

>> You've advised people to use a HORRIBLE practice of using dictionary
>> words solely for their password. I tested this theory myself back in the
>> day, so I can 100% guaranty you of this fact: A brute force dictionary
>> based attack can crack a password like that in LESS THAN 5 minutes!! I
>> once stretched that out to 20 minutes by cleverly picking words that I
>> already knew were at the opposite ends of the dictionary.

In order to discuss the feasibility of brute forcing a set of a few 
random dictionary words, we would have to agree on a few numbers:

1) how many words in the passphrase
2) how many words in a dictionary
3) how many dictionaries
4) how many slightly different forms can average word of the
    dictionary take due to the declension, conjugation and
    noun/adjective gender matching.

This happens to be an English-only language mailing list, but very few
users of this program speak (only) English. It always surprises me how
contributors native-language-centric some Internet discussions on a
technical subject that transgresses language borders are.

Overall, the original suggestion in the FAQ is perfectly valid, and all
I would add is point out the benefit of (3) and (4) above.

More information about the Gnupg-users mailing list