Went to a security seminar where I asked a random FBI agent after a presentation about passwords; he said just to get into their personal terminals it was something like 17 characters minimum and that the passwords were randomly generated letters and numbers and symbols and that they were changed fairly often. If you're trying to protect something from offline brute forcing and the password is the weak point, you're probably best off coming up with a really long randomly generated diceware phrase (7 words ought to be safe) https://www.rempe.us/diceware/#eff.
I always figure that if you upset a nation-state enough that they're willing to throw their supercomputers at you to get at your goodies, they'll likely just tie you up and brute force your body until they get what they need. -Ryan McGinnis http://www.bigstormpicture.com Sent via ProtonMail ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Wednesday, July 8, 2020 11:36 AM, Stefan Claas <s...@300baud.de> wrote: > Ryan McGinnis via Gnupg-users wrote: > > > Six years ago Snowden said to assume the NSA can try roughly 1 Trillion > > passwords per second. I imagine it's significantly > > more by now. > > Holy cow! That raises then probably one more question, i.e. the required > minimum length for a strong password nowadays. > > Regards > Stefan > > ------------------------------------------------------------------------------------------------------------------------------------------ > > my 'hidden' service gopherhole: > gopher://iria2xobffovwr6h.onion
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
