On Mon, 25 Jun 2012 17:08, lists.gn...@mephisto.fastmail.net said: > cracking the symmetric encryption used to protect the private key is > comparable to the problem of cracking an encrypted message's session > key.
No, it is not. The entropy in a session key matches the size of the session key. The key used to protect the private key is commonly much weaker. A passphrase providing an adequate amount of entropy is not useful because a user won't be able to remember it correctly. Further, a brute force attempt on the protected private keys needs to be done only once, whereas it has to be done for each encrypted message, if you want to target the session key. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
