On Tue, 3 Mar 2009, Robert J. Hansen wrote:
Yes. It's the same as the S2K in OpenPGP, last I checked -- which is
specifically designed to make brute forcers slow.
Let's say the guy has a passphrase with 64 bits of entropy. Assume you
have a massively distributed network and some truly cutting-edge math,
you could probably do it in two solid years of work. The RC5 project on
distributed.net took 18 months to do 64 bits, but RC5 wasn't designed to
be very slow to rekey.
Now consider just how many 64-bit keys the US government would like to
crack. It probably numbers in the millions.
Now consider how high this guy's passphrase stands in the to-do list.
==================
most people don't use pass-phrases that strong. in any case, we're talking
about something that can realistically be broken in a reasonable amount of
time (compared to several times the age of the universe) using real-world
technology, not like trying to crack a message that was intercepted on
the wire, and encrypted with 4096 RSA or a 256-bit twofish.
--
...atom
________________________
http://atom.smasher.org/
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------
"Human beings, who are almost unique in having the ability
to learn from the experience of others, are also remarkable
for their apparent disinclination to do so."
-- Douglas Adams, Last Chance to See