Fwd: The GnuPR FAQ
listofactor at mail.ru
Tue May 12 11:46:13 CEST 2020
On 5/11/20 10:11 PM, Robert J. Hansen - rjh at sixdemonbag.org wrote:
> This arrived in my inbox: I'm presenting it here without comment.
>> You've advised people to use a HORRIBLE practice of using dictionary
>> words solely for their password. I tested this theory myself back in the
>> day, so I can 100% guaranty you of this fact: A brute force dictionary
>> based attack can crack a password like that in LESS THAN 5 minutes!! I
>> once stretched that out to 20 minutes by cleverly picking words that I
>> already knew were at the opposite ends of the dictionary.
In order to discuss the feasibility of brute forcing a set of a few
random dictionary words, we would have to agree on a few numbers:
1) how many words in the passphrase
2) how many words in a dictionary
3) how many dictionaries
4) how many slightly different forms can average word of the
dictionary take due to the declension, conjugation and
noun/adjective gender matching.
This happens to be an English-only language mailing list, but very few
users of this program speak (only) English. It always surprises me how
contributors native-language-centric some Internet discussions on a
technical subject that transgresses language borders are.
Overall, the original suggestion in the FAQ is perfectly valid, and all
I would add is point out the benefit of (3) and (4) above.
More information about the Gnupg-users