On Apr 18, 2011, at 6:56 PM, Robert J. Hansen wrote:

>> Yes, well, that would mean that a 32-character English passphrase will
>> average about 64 bits of randomness. Is that really enough to protect
>> a key from an offline brute force attack? I think not, but am open to
>> being persuaded. :)
>
> As I've said a few times now, no question about "is X really sufficient to
> protect a passphrase from being broken?" can be answered without a lot of
> context. Who are you worried about breaking it? How hard will they try?
>
> To give you an example, RC5-64 was a giant distributed network of computers
> run by hobbyists using spare CPU cycles, trying to brute-force a 64-bit key.
> Their volunteer network was much larger than anyone outside of
> megacorporations or First World intelligence agencies or major crime
> syndicates has.
>
> It took them eighteen months.

Actually around 58 months: just under 5 years.

> 64-bit crypto isn't good for long-term storage, but if you want to foil
> someone who doesn't have megacorporation-level resources for a period of
> months or years, it'll do just fine. Against First World intelligence
> agencies it might take a few seconds.

Are you asserting that there exists a group that can brute-force a 64-bit key in a few seconds?

David
