On 5/11/20 10:11 PM, Robert J. Hansen - r...@sixdemonbag.org wrote:
This arrived in my inbox: I'm presenting it here without comment.
You've advised people to use a HORRIBLE practice of using dictionary words solely for their password. I tested this theory myself back in the day, so I can 100% guaranty you of this fact: A brute force dictionary based attack can crack a password like that in LESS THAN 5 minutes!! I once stretched that out to 20 minutes by cleverly picking words that I already knew were at the opposite ends of the dictionary.
In order to discuss the feasibility of brute forcing a set of a few random dictionary words, we would have to agree on a few numbers:
1) how many words in the passphrase 2) how many words in a dictionary 3) how many dictionaries 4) how many slightly different forms can average word of the dictionary take due to the declension, conjugation and noun/adjective gender matching. This happens to be an English-only language mailing list, but very few users of this program speak (only) English. It always surprises me how contributors native-language-centric some Internet discussions on a technical subject that transgresses language borders are. Overall, the original suggestion in the FAQ is perfectly valid, and all I would add is point out the benefit of (3) and (4) above. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
