On 10/11/11 9:41 AM, Jean-David Beyer wrote: > But in a sense, was it not unwise to tell me your passphrase length? I > will now set up my hypothetical exhaustive search cracker not to bother > with passphrases less than 32 characters or longer than 32 characters. > This reduces the size of the search space I must examine. Of coarse, the > shorter ones can be tested faster than the longer ones.
Not really. Imagine if you knew his passphrase was a number, but not how long it was. Now he tells you, "it's a seven-digit number." Okay, fine: you can exclude all six-digit numbers (900,000 of them), all five-digit numbers (90,000 of them), all four-digit numbers (9,000 of them), all three-digit numbers (900 of them), all two-digit numbers (90 of them) and all one-digit numbers (ten of them) [*]. You've excluded 900,000 + 90,000 + 9,000 + 900 + 90 + 10 = one million total numbers out of the possible ten million. You've reduced the keyspace by 10%. If his passphrase has zero margin of safety, he's done something foolish: his passphrase no longer meets his entropy requirements. On the other hand, if his passphrase is longer than necessary to meet his requirements, he can afford to throw out 10% of the potential keyspace without losing any sleep. What he's done here is pretty much exactly what I've described, just in a different numerical base. Tell you what: I'll put my money where my mouth is. The low-order bits of the primes that comprise my private key are both '1'. Doesn't help you out very much, does it? ;) _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
