Thanks very much for that information. That gives me a lot to consider and look into.. and also some confidence in the defaults :). Thanks also for the link to PaperWallet. I will check that out.
What I meant by "brute force" was that an attacker could generate all possible passphrases in a given keyspace and try each of them in an attempt to decrypt my passphrased secret key. Eventually one of the attempts should succeed. I did some calculations to try to work out how long it might take to brute force, and the results were more like decades instead of something more impressive like "long after the sun has exploded". So for example's sake, lets say my passphrase keyspace is in order of 10^25. I'll also assume that a sophisticated attacker might be able to make 1 million attempts per second (maybe this is where my assumptions are off - but the bitcoin network generates trillions of hashes per second by comparison). >> (10^25/10^6) / 86400 / 365 ans = 3.1710e+11 300 billion years at that rate. But, if I account for moore's law, I should assume that the attempts per second will increase each year. If I assume 50% increase in computing power per year then I get: >> log((10^25/10^6) / 86400 / 365) / log(1.5) ans = 65.314 So 65 years. I know this is a really long time, but it's not as impressive as millions of years would be. Does this mean that people in the 22nd / 23rd century might be able to crack old passphrased keys really easily? (ok, maybe there are likely to be maths advances by that point anyway). Quite likely I've made and mistakes in my calculations and/or bad assumptions so let me know if that is the case. Thanks again
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
