> This was back in the Pentium II days!! Processors these days could
> likely crack a dictionary-based password in a matter of seconds.

Tell you what: try it. :)

If you choose only from the thousand most-common English words (a keyspace of about 2^10), a six-word passphrase gives a work factor of 2^60. The key derivation function means you're spending at least 2^-10 seconds for each attempt, which means you've got 50/50 odds of breaking the passphrase after 2^49 seconds -- or about 18 million years.

A four-word passphrase could be broken after 2^29 seconds, or about 17 years.

It's parallelizable, of course, if you want to rent out 18 million AWS instances. But at present, the sense of the community is that the FAQ advice, which gives people between 17 years and 18 million years of resistance to a brute-force attack, is sufficient.

> I'm sorry, but that particular bit of advice is terrible and needs to be
> changed.

I have forwarded your criticism on to the community and invited them to give their own feedback. The FAQ is the collective opinion of the community, not just myself -- all I do is write the thing. If the community concurs with your sentiments, I'll change the text.

> If you guys accept public assistance, I could go through the
> instruction / FAQ pages for you, update them, then submit them to you
> for approval.

We welcome any useful contributions. :)

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
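
The arithmetic in the reply above, carried through as an added example that is not part of the original message. It generalizes the two cases to any wordlist size, word count, per-guess cost and number of parallel workers, and solves for the word count a policy needs. The function names and the 365.25-day year are assumptions; the 2^10 wordlist, 2^-10 seconds per guess and 18 million instances are the figures from the message.

```python
SECONDS_PER_YEAR = 365.25 * 24 * 3600  # assumption: Julian year


def median_crack_seconds(wordlist_size, words, seconds_per_guess, workers=1):
    """Time to search half the keyspace, i.e. the point of 50/50 odds.

    Assumes words are drawn uniformly and independently from the list,
    and that guessing parallelizes perfectly across `workers`.
    """
    keyspace = wordlist_size ** words
    return (keyspace / 2) * seconds_per_guess / workers


def median_crack_years(wordlist_size, words, seconds_per_guess, workers=1):
    seconds = median_crack_seconds(wordlist_size, words, seconds_per_guess, workers)
    return seconds / SECONDS_PER_YEAR


def min_words_for(target_years, wordlist_size, seconds_per_guess, workers=1):
    """Smallest word count whose median crack time reaches target_years."""
    words = 1
    while median_crack_years(wordlist_size, words, seconds_per_guess, workers) < target_years:
        words += 1
    return words


if __name__ == "__main__":
    WORDLIST = 2 ** 10   # "thousand most-common English words"
    KDF_COST = 2 ** -10  # seconds per attempt, from the message

    for n in (4, 6):
        years = median_crack_years(WORDLIST, n, KDF_COST)
        print(f"{n} words, 1 worker: {years:,.0f} years")

    # The parallel case the message mentions: 18 million instances.
    rented = median_crack_years(WORDLIST, 6, KDF_COST, workers=18_000_000)
    print(f"6 words, 18M workers: {rented:.2f} years")

    # Word count needed to hold for a century against that many workers.
    print("words for 100 years vs 18M workers:",
          min_words_for(100, WORDLIST, KDF_COST, workers=18_000_000))
```

Each extra word multiplies the attacker's time by the wordlist size, so a larger list or one more word offsets parallel hardware far faster than a costlier KDF does.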