On 2011-10-10 23:29, Jan Janka wrote:

> How long would it take to execute a successful brute force attack on
> a passphrase consisting of 12 symbols (symbols available on common
> keyboards)?

Calculate how many combinations there are, assume some number of tries per second (you can experimentally find this out), and there you go. But remember Murphy's(?) law! -- (I mean the one about doubling computer power every 18 months -- are there two Murphy's laws? Confused now...)

You can measure the strength of your password in bits of entropy, which is basically the log base 2 of the number of combinations. So if there are 64 possible combinations (a single alphanum case-sensitive password-ish) then you have 6 bits of entropy.

In the diceware FAQ at www.diceware.com you can find info about how long a password with a given number of bits is supposed to be secure. Also some tips on how to pick a memorizable secure passphrase.

> If the attacker only got the passphrase and not the private key, I
> can simply change the passphrase to be secure again. Right? So I'd
> say my key is compromised if I think an attacker got BOTH, the
> passphrase AND the key.

Yes but remember the attacker might get at an old version of your key that still used the old passphrase.

--
Q: What is your secret word?
A: That's right.
Q: What's right?
A: Yes.
Q: Sir, you're going to have to tell me your secret word.
A: What?
Q: I said please tell me your secret word.
A: What?
Q: What's your secret word?
A: Yes.
Q: Sorry, "yes" is not your secret word. You have two more chances.
A: I said what?
Q: Yes.
A: Right, so you admit I said it.
Q: No, you said "yes."
A: No, "what!"
Q: When?
A: When you asked for my secret word!
Q: What?
A: Yes!
Q: I'm sorry, that's incorrect. You have one more chance to say your secret word.
A: I'd like to speak to your supervisor.
Q: Very well, I'll transfer you. His name is Hu.
(http://boingboing.net/2010/05/03/fun-with-a-banks-sec.html)
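Added example, not part of the original message: the calculation the reply describes, carried through for a 12-symbol passphrase, first at a constant guess rate and then with the guess rate doubling every 18 months as the reply cautions. The 95-symbol alphabet (printable ASCII), the rate of 1e9 guesses per second and a uniformly random passphrase are assumptions chosen for illustration; substitute a rate you have measured.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def entropy_bits(alphabet_size, length):
    """Bits of entropy of a uniformly random passphrase: log2(alphabet ** length)."""
    return length * math.log2(alphabet_size)


def years_fixed_rate(bits, guesses_per_second, fraction=1.0):
    """Years to try `fraction` of the keyspace at a constant guess rate."""
    return fraction * 2.0 ** bits / (guesses_per_second * SECONDS_PER_YEAR)


def years_doubling_rate(bits, guesses_per_second, doubling_years=1.5, fraction=1.0):
    """Years to try `fraction` of the keyspace when the guess rate doubles
    every `doubling_years`.

    Guesses made by time T are r0 * (d / ln 2) * (2 ** (T / d) - 1), where r0 is
    today's rate per year and d the doubling period; solve that for T.
    """
    r0 = guesses_per_second * SECONDS_PER_YEAR
    target = fraction * 2.0 ** bits
    d = doubling_years
    return d * math.log2(1.0 + target * math.log(2) / (r0 * d))


def estimate(alphabet_size=95, length=12, guesses_per_second=1e9):
    """Summarise worst case (whole keyspace) and average case (half of it)."""
    bits = entropy_bits(alphabet_size, length)
    return {
        "bits": bits,
        "fixed_worst_years": years_fixed_rate(bits, guesses_per_second),
        "fixed_avg_years": years_fixed_rate(bits, guesses_per_second, fraction=0.5),
        "doubling_worst_years": years_doubling_rate(bits, guesses_per_second),
        "doubling_avg_years": years_doubling_rate(bits, guesses_per_second, fraction=0.5),
    }


if __name__ == "__main__":
    # Constructed inputs: 95 printable ASCII symbols, 12 positions, 1e9 guesses/s.
    for name, value in estimate().items():
        print(f"{name:>22}: {value:,.2f}")
```

Under these assumptions the constant-rate figure is in the millions of years while the doubling-rate figure is a few decades, which is why the growth in computing power matters more than the exact starting rate.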