On 06/25/2012 11:44 AM, Werner Koch wrote:
>> cracking the symmetric encryption used to protect the private key is
>> comparable to the problem of cracking an encrypted message's session
>> key.
>
> No, it is not. The entropy in a session key matches the size of the
> session key. The key used to protect the private key is commonly much
> weaker. A passphrase providing an adequate amount of entropy is not
> useful because a user won't be able to remember it correctly.

Speaking purely for myself, my passphrase is 16 bytes from /dev/urandom dropped into base64. It took me a weekend to memorize it, but the peace of mind has been well worth it. It is possible, though, that I'm demented. :)