David Tomaschik wrote (in part):

> If you value your OpenPGP key, I would not trust it to 24 bits of 
> entropy.  My off-card backup of my key is protected by a 32-character
> passphrase that I believe to be highly resistant to dictionary
> attack (and contains sufficient special characters that I believe its
> entropy to be close to the optimal 6.5 bits per symbol).  But perhaps
> I'm delusional.
> 
I do not know about delusional.

But in a sense, was it not unwise to tell me your passphrase length? I
will now set up my hypothetical exhaustive search cracker not to bother
with passphrases less than 32 characters or longer than 32 characters.
This reduces the size of the search space I must examine. Of course, the
shorter ones can be tested faster than the longer ones.

-- 
  .~.  Jean-David Beyer          Registered Linux User 85642.
  /V\  PGP-Key: 9A2FC99A         Registered Machine   241939.
 /( )\ Shrewsbury, New Jersey    http://counter.li.org
 ^^-^^ 09:35:01 up 4 days, 18:08, 4 users, load average: 5.13, 5.25, 5.22

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
