On 07/07/2013 01:02 PM, Heinz Diehl wrote: > This very much depends on how important the encrypted information is > considered to be.
Find me some verifiable instance of OpenPGP passphrases being brute-forced and I'll take this seriously. Until then, I will continue to treat brute-forcing as the myth I'm almost certain it is. I like to assume an attacker is at least as smart as I am. If I'm smart enough to see that brute-forcing has really bad odds of success, why would I waste time when there are so many better avenues of attack available? I need your secret key and passphrase I'd start by hiring a thousand-dollar-a-night hooker for a week and point her in your direction, with a $5,000 bonus if she's able to get your key and passphrase without you noticing. Simple, cheap and effective. I might have her plant a keylogger while she's in your bedroom. Or I might try and nab you via a carefully-prepared spearphish, or get you on a drive-by as you surf the web, or... etc., etc. It makes absolutely no sense to brute-force a passphrase when it's so easy to compromise the communication endpoint. That's where the real work lies -- not in talk about making something resistant to brute-forcing. >> Further, who cares if the number of bits in different parts of the >> system aren't balanced? > > For some ciphers (incl. AES), a smaller key size means > "faster". This is irrelevant to the discussion. If a cipher isn't fast enough for your purposes then don't choose it. It has nothing to do with whether the entropy in a system is "balanced". _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users