Hi David Vedaal and everyone This is something even I have thought: this seems to be a sure way to prevent such computing from being able to 'guess' the password. Why is then, parallel computing being haled as the antidote to privacy?
Regards Hardeep Singh http://blog.Hardeep.name Sent from Delhi, India On Thu, Nov 5, 2009 at 8:35 PM, <ved...@hush.com> wrote: > David Shaw <dshaw () jabberwocky ! com> > wrote on 2009-11-04 18:34:49 : > >>This is not, of course, an OpenPGP "crack", but rather high-speed > >>password guessing. > > a trivial way to defeat this, > would be to provide each client with a pgp keypair, > (physically presented to the client upon the initial transaction > agreement), > and then encrypt the zipfile to a key and not even use a passphrase > > what would be even more interesting, > is if it could be done in a way that truecrypt uses to protect its > encrypted volumes, where the user can choose to use a keyfile as > well as a passphrase, but it cannot be determined before decryption > if a keyfile, passphrase, both or only one, has been used > > so, imagine if a client has a zipfile encrypted to both a trivial > password and to a pgp key, and it is not determinable from the > encrypted file itself, if it was encrypted to a key as well, > > all the cloud computing resources available will merrily spin > themselves into exhaustion ubtil they decide that the passphrase is > 'probably too long and complex to crack' > > > vedaal > > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
