> Yes, well, that would mean that a 32-character English passphrase will
> average about 64 bits of randomness. Is that really enough to protect
> a key from an offline brute force attack? I think not, but am open to
> being persuaded. :)

As I've said a few times now, no question about "is X really sufficient to 
protect a passphrase from being broken?" can be answered without a lot of 
context.  Who are you worried about breaking it?  How hard will they try?

To give you an example, RC5-64 was a giant distributed network of computers run 
by hobbyists using spare CPU cycles, trying to brute-force a 64-bit key.  Their 
volunteer network was much larger than anyone outside of megacorporations or 
First World intelligence agencies or major crime syndicates has.

It took them eighteen months.

64-bit crypto isn't good for long-term storage, but if you want to foil someone 
who doesn't have megacorporation-level resources for a period of months or 
years, it'll do just fine.  Against First World intelligence agencies it might 
take a few seconds.



_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
