* "Ciprian Dorin, Craciun" wrote:
> Thank you for the quick reply. (This is the kind of answer I was
> hopping to get. :) ) It seems that `s2k-count` escaped me. :)
>
> Maybe there should be an entry in the FAQ about this topic.
Well, other projects make good use of that option, f.e. lo
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
November 28th 2009 for gnupg-users@gnupg.org thread "GnuPG private key
resilience against off-line brute-force attacks"
Ciprian: Wath you say is possible but useless.
One could build a machine who computes anything in only 1 clock cycle
or than not
On Sun, Nov 29, 2009 at 12:29 AM, Mario Castelán Castro
wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> November 28th 2009 for gnupg-users@gnupg.org thread "GnuPG private key
> resilience against off-line brute-force attacks"
>
> Loop unrolling only gives more performance in very sm
On Nov 28, 2009, at 11:55 AM, Ciprian Dorin, Craciun wrote:
Thank you for the quick reply. (This is the kind of answer I was
hopping to get. :) ) It seems that `s2k-count` escaped me. :)
Maybe there should be an entry in the FAQ about this topic.
Related with my question about the pas
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
November 28th 2009 for gnupg-users@gnupg.org thread "GnuPG private key
resilience against off-line brute-force attacks"
Loop unrolling only gives more performance in very small loops, for
not so small ones there can be in fact a performance penality
On Nov 28, 2009, at 3:07 PM, M.B.Jr. wrote:
Hi,
On Sat, Nov 28, 2009 at 1:47 PM, David Shaw
wrote:
The question is: what does GnuPG or OpenSSH do to slow down
password brute-force? I mean does the password derivation function
use
some iterations? If so how many? Can I configure them? I
On Nov 28, 2009, at 12:37 PM, Robert J. Hansen wrote:
David Shaw wrote:
Difficult question to answer, since everyone is going to wave around
their opinion. :)
There are some empirical facts which may be useful, though -- like
observing the RC5-64 project was able to break a 64-bit key via a
m
Hi,
On Sat, Nov 28, 2009 at 1:47 PM, David Shaw wrote:
>> The question is: what does GnuPG or OpenSSH do to slow down
>> password brute-force? I mean does the password derivation function use
>> some iterations? If so how many? Can I configure them? I guess so but
>> I couldn't find any data o
On Sat, Nov 28, 2009 at 3:47 PM, David Shaw wrote:
[snip]
> I'd suggest starting with the various calculators on
> http://www.keylength.com/
A very interesting website. I followed the links, and found this document:
http://www.nsa.gov/ia/programs/suiteb_cryptography/index.shtml
It seems that
Robert J. Hansen wrote:
> David Shaw wrote:
>> Difficult question to answer, since everyone is going to wave around
>> their opinion. :)
>
> There are some empirical facts which may be useful, though -- like
> observing the RC5-64 project was able to break a 64-bit key via a
> massive distributed
David Shaw wrote:
> Difficult question to answer, since everyone is going to wave around
> their opinion. :)
There are some empirical facts which may be useful, though -- like
observing the RC5-64 project was able to break a 64-bit key via a
massive distributed project that took 18 months of runti
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
There is thread in the archives with the subject "TPK Archival" that may
be useful.
http://lists.gnupg.org/pipermail/gnupg-users/2009-March/035996.html
Regards,
Chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using Gnu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
November 28th for gnupg-users@gnupg.org thread "GnuPG private key
resilience against off-line brute-force attacks"
Entropy is a relative thing AFAIR:
For one who knows than a password was generated by using diceware the
entropy will be 7776^n + 777
On Sat, Nov 28, 2009 at 5:47 PM, David Shaw wrote:
> On Nov 28, 2009, at 9:42 AM, Ciprian Dorin, Craciun wrote:
>
>> Maybe someone could clear this out (at least from GnuPG part). (My
>> original post was related with both GnuPG an OpenSSH).
>>
>> ~~ Original post:
>>
>> (I have a very
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
David Shaw escribió:
> On Nov 28, 2009, at 9:42 AM, Ciprian Dorin, Craciun wrote:
...
>>Also, how many bits of security should my password have in order
>> to withstand an attack from a small / medium enterprise? (Government
>> is out of the ques
On Nov 28, 2009, at 9:42 AM, Ciprian Dorin, Craciun wrote:
Maybe someone could clear this out (at least from GnuPG part). (My
original post was related with both GnuPG an OpenSSH).
~~ Original post:
(I have a very basic question that to most of the persons reading
this news-group
(I'll try to start a new thread from the following quotes.)
On Sat, Nov 28, 2009 at 8:50 AM, Robert J. Hansen wrote:
> Matt wrote:
>> If I had a sufficiently good passphrase, would Google returning my
>> secret key as the first hit result for every search for a day still be
>> secure?
>
> "S
Matt wrote:
> If I had a sufficiently good passphrase, would Google returning my
> secret key as the first hit result for every search for a day still be
> secure?
"Secure" is not a very good word to use. It means so many different
things to so many different people. "Secure" really means "in
ac
Robert J. Hansen wrote:
> If you are sure that no one will ever guess your passphrase, then you
> could safely publish your private key in the _New York Times_. That
> would be a really extreme case, but you could do it.
But what if you publish it in a paper people actually _read_? :)
While I un
FederalHill wrote:
> Would you define ascii-armored
binary -> base64 conversion.
http://en.wikipedia.org/wiki/Base64
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Would you define ascii-armored
--- On Wed, 11/25/09, Brian O'Kennedy wrote:
From: Brian O'Kennedy
Subject: Fwd: Backup of private key
To: gnupg-users@gnupg.org
Date: Wednesday, November 25, 2009, 4:19 PM
So this implies that I could safely upload my ascii-armored private
Brian O'Kennedy wrote:
> So this implies that I could safely upload my ascii-armored private
> key to an email server without fear (assuming of course that my
> passphrase is secure and large).
Correct. You just have to make *absolutely certain* your passphrase is
unguessable. If someone is abl
So this implies that I could safely upload my ascii-armored private key to
an email server without fear (assuming of course that my passphrase is
secure and large). What symmetric encryption is typically used on the key
itself? I'm assuming that this level of encryption is secure enough to not
wor
Thanks for the useful tips - I think I'll go the encrypt-upload-to-email
route plus an additional paperkey option stored at relatives house in case
of email service going down.
thanks,
Brian
2009/11/25 Ciprian Dorin, Craciun
> On Wed, Nov 25, 2009 at 9:20 PM, Brian O'Kennedy
> wrote:
> > Hi A
Brian O'Kennedy wrote:
> This is a complete n00b question, but I still need to get an opinion on
> this.
We were all new once. :) Welcome to the list!
> All of these make sense to me, but aren't compatible with my ability to
> lose physical things. So, what would the risks be of me using
> s
On Wed, Nov 25, 2009 at 9:20 PM, Brian O'Kennedy wrote:
> Hi All,
> This is a complete n00b question, but I still need to get an opinion on
> this.
> I've created myself a public/private key and got a bit concerned that if my
> harddrive fails, I lost the key and all data I've ever encrypted using
Hi All,
This is a complete n00b question, but I still need to get an opinion on
this.
I've created myself a public/private key and got a bit concerned that if my
harddrive fails, I lost the key and all data I've ever encrypted using it.
Advice I find around the net suggest saving it to a floppy
27 matches
Mail list logo
