> Correct. But do you claim the ideas are shenanigans:
The idea of "use several words in a combination that's only meaningful and
predictable to you" is a good one. That's not in debate. The idea of "this is
fun" being a passphrase that will require 2,500 years of attacks to break is
just absolute balderdash.
> Example: What do you make the _expected_ secure time _estimate_ of:
> a) three four letter words say: muck, ruck, puck?
> b) make them memorable: the puck in the ruck in the muck?
Can't be answered. In what kind of a system? What kind of technology can the
attacker employ? Does the attacker have any knowledge about what the key
material is probably like ("cribs", in cryptanalytic jargon)? What kind of
budget? What's the attacker's skill level? What's... etc.
If we assume the attacker knows you're using English or something close to it,
then I'm going to estimate it at about 2.5 bits of entropy per glyph, or about
a billion combinations for a 20-character passphrase. This is enough to stymie
a high school student who's running a brute-forcer he wrote in pure Python
running on a single terminal in his high school computer lab, but it's
literally seconds of work for a major corporation that can easily throw a
thousand terminals running hand-tuned Assembly brute-forcers at it.
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
