> There's still a big difference between trying to brute-force a > cryptographically-strong 64-bit key, and applying dictionary attacks > against against an English-based passphrase.
If there exists a difference, I'm unaware of it. > If I recall correctly, > none of the attacks you mentioned attacked the passphrase protecting a > secret key (which is what we're talking about); rather, they were > attempts to recover plaintext in the *absence* of the secret key by > trying all possible decryption keys within the keyspace. And that's exactly what we want to do when we break a passphrase: recover the plaintext of the (encrypted) private-key material by trying all possible decryption keys within the keyspace of the symmetric key which encrypts it. The passphrase generates the session key. > In short, I believe the context is different, and that passphrase > attacks against the secret key are vulnerable in a way that attacks on > ciphertext are not. I emphatically disagree. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
