I wonder how easily my private key(s) ('secgring.gpg') can be cracked
once somebody get access to it.
No one with two brain cells to rub together will try brute-forcing a
strong passphrase. No one. Assuming your passphrase is strong you
could publish your secret key in the _New York Times_ and still be
completely confident in the security of your communications.
Q: Is the password stored as an hash and can it be cracked using Rainbow
Tables? Is it maybe salted?
The passphrase isn't stored as a hash, so much as the passphrase is
hashed (many, many times -- with salt) and the output is used to
attempt to decrypt the secret key. The passphrase is never stored,
though, either in plaintext or in hashed form.
_______________________________________________
Gnupg-users mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
