On 12/17/2013 9:41 PM, Matt D wrote: > OK, I see. So . . . if brute force is impossible, then what sort of > an attack is possible?
Too many to list. Depends largely on your attacker's budget and the constraints of their operation. For instance, if I don't care if you know I've compromised your traffic, I'll tie you to a chair and start swinging a pipe wrench at your kneecaps. Cheap and effective. Or I can target your machine for compromise. If I can trick you into visiting a particular URL I might be able to plant a remote-root on your desktop and gain control over it. At that point it's easy to run a keylogger to intercept your passphrase, and easy to copy your private key off your desktop. Or I can hire a $5,000-a-night hooker. I'm pretty sure that inside of a week you'd be willing to tell your new charming companion pretty much anything. The KGB employed this against United States cipher clerks with amazing success. Or... etc. The list goes on and on and on. In fact, there are so many ways to gain access to your traffic that I think obsessing over whether the default should be 2048-bits or 3072-bits is ... it's like arguing over whether your security fence should be 100 feet high or 120 feet high. Either way you need to pay more attention to the guy who's digging a tunnel underneath it. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
