On Sat, Apr 16, 2011 at 11:00 AM, Peter Pentchev <r...@ringlet.net> wrote:
> Mine, for instance, is over 30 characters long and, while it is derived
> from a couple of phrases, none of its components would be found by any
> reasonable brute-force or even dictionary attack, even by people who
> know me (please note that I did say "reasonable" WRT resources).
So, no common prefixes, suffixes, or parts of words? No syntactical regularities, such as punctuation at the end of a sentence? No language-specific diphthongs, digraphs, etc.? No regular substitutions (e.g. 3 for E)? So on and so forth. :)

While I'm not disputing that you've created a reasonably strong passphrase, my original point was that any passphrase that isn't fully random has a reduced keyspace. I'm not enough of a mathemagician to say how much it's reduced, but it's certainly reduced by a non-zero amount.

Consider:

    Th qk brwn fx jmpd vr th lz dg.

None of the words are in an English language dictionary, but I can't imagine anyone saying this would be resistant to a dictionary attack, since any good cryptographic dictionary would probably take such regular transformations into account. At 32 characters, it's certainly random enough to stump a human's brute force attempts, but I wouldn't hold it up as the gold standard for protecting cryptographic keys.
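An added illustration of the keyspace point in the message above (not part of the original e-mail): a small passphrase audit that checks whether every token is a dictionary word with letters deleted, then compares the resulting search bound with that of a fully random string of the same length. The wordlist is constructed sample data, and `dict_size=10_000` and `rules=16` are assumed figures, not measurements.

```python
import math
import re

# Constructed sample wordlist; a real audit would load a full dictionary.
WORDS = ["the", "quick", "brown", "fox", "jumped", "over", "lazy", "dog",
         "random", "passphrase"]

def is_abbreviation(token, word):
    """True if token can be produced from word by deleting letters only."""
    remaining = iter(word)
    return all(ch in remaining for ch in token)

def match_token(token, words=WORDS):
    """Return the first dictionary word the token abbreviates, else None."""
    return next((w for w in words if is_abbreviation(token, w)), None)

def audit(passphrase, words=WORDS):
    """Pair each alphabetic token of the passphrase with its dictionary match."""
    tokens = re.findall(r"[a-z]+", passphrase.lower())
    return [(t, match_token(t, words)) for t in tokens]

def random_bits(length, alphabet=95):
    """log2 of the keyspace of a uniformly random printable-ASCII string."""
    return length * math.log2(alphabet)

def wordlist_bits(n_words, dict_size, rules):
    """Upper bound (log2 candidates) if each token is an independently
    chosen dictionary word passed through one of `rules` transformations."""
    return n_words * math.log2(dict_size * rules)

def compare(passphrase, dict_size=10_000, rules=16):
    """Return (random_bits, structured_bits); structured_bits is None when
    some token is not derivable from the wordlist."""
    result = audit(passphrase)
    fully_random = random_bits(len(passphrase))
    if not result or any(word is None for _, word in result):
        return fully_random, None
    return fully_random, wordlist_bits(len(result), dict_size, rules)

if __name__ == "__main__":
    phrase = "Th qk brwn fx jmpd vr th lz dg."
    for token, word in audit(phrase):
        print(f"{token:5} <- {word}")
    print(compare(phrase))
```

The structured figure is an upper bound: it treats the words as independent, while a grammatical or well-known sentence narrows the search further.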