On 07/07/2013 08:03 AM, Heinz Diehl wrote:
> Or the other way 'round: why use (waste?) a lot of bits on
> cryptography when it's much "easier" to bruteforce the
> password itself?

Nobody with two brain cells to rub together is going to try brute-forcing either the crypto or your passphrase. Nobody. Let me make it really clear: anyone who would try to do this would be such a blistering moron that I don't feel the need to waste any time considering how to defend against him.

Further, who cares if the number of bits in different parts of the system aren't balanced? If I want 112 bits of effective protection, and I use a passphrase with 128 bits of entropy to decrypt key material shielded with AES-256, then I haven't "wasted" anything at all, nor is my system "imbalanced." Instead, my system has a minimum of 16 bits of safety at each step.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users