On Mon, June 25, 2012 5:00 pm, Robert J. Hansen wrote:
> On 06/25/2012 11:44 AM, Werner Koch wrote:
>>> cracking the symmetric encryption used to protect the private key is
>>> comparable to the problem of cracking an encrypted message's session
>>> key.
>>
>> No, it is not. The entropy in a session key matches the size of the
>> session key. The key used to protect the private key is commonly much
>> weaker. A passphrase providing an adequate amount of entropy is not
>> useful because a user won't be able to remember it correctly.
>
> Speaking purely for myself, my passphrase is 16 bytes from /dev/urandom
> dropped into base64. It took me a weekend to memorize it, but the peace
> of mind has been well worth it.
>
> It is possible, though, that I'm demented. :)

Reading this, it occurs to me that keyboards are cheap, so it would be reasonable to swap all the keys about on a keyboard and then use some easily memorable combination of real words to save on so much memorizing.
mick

--
keyID: 0x4BFEBB31

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users