Andrew Gallagher wrote:
 
> Entropy checkers only provide an *estimate* of randomness, at best an upper
> bound. Once you know that someone has used a particular key expansion
> algorithm, the entropy estimate can go down dramatically. This is because
> randomness is a measure of ignorance, and new information changes the
> calculation (cf. the Monty Hall problem).

Thanks for the info, much appreciated!

I must admit that I have not looked at how GnuPG saves passwords, or better,
passphrases. I would assume that GnuPG also does additional salting and/or
stretching.

The question for me would be how those password-cracking databases store
passwords when doing brute force.

Do they store the information like I do with my humble approach? I read years
ago that, for example, the NSA is capable of searching for seven billion
passwords per second.

Additionally I could use my humble approach and tell people the following:

(Let's assume I would use 'Holidays Day 1, 2, 3 etc.') I could also tell them
L or R 3 (delete 3 chars at the left or right of the strong string, and add
'house' and 'mouse' to the left and/or right).

This would then IMHO not match the database strings anymore, in case they look
like my approach.

Regards
Stefan

-- 
my 'hidden' service gopherhole:
gopher://iria2xobffovwr6h.onion

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
