-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thursday 29 July 2004 23:43, Christian wrote:
> Venkat Manakkal wrote:
> > See diceware.com about choosing really strong passwords. Long phrases or
> > sentences do not really cut it. A ten word diceware phrase puts you in
> > the 128+ bits of entropy range, throw in some extra special characters
> > for good measure and you will be in the 30 char password length range.
>
> But it doesn't make sense to use AES256 if your password has only 128
> bits of entropy, right?

The password is usually the last line of defense, at the point where the
attacker has both the GPG keys and the encrypted randomly generated multi-key
passphrase. At that point, the human who has the passphrase in his or her head
is the weakest link since the attacker will have the person too, most likely,
on some island...

Analysing the threat scenarios usually eliminates the requirement of much more
than AES128. It is usually far easier to get the password than to brute force
a modern cipher, as far as I know.

If the attacker does not have access to the USB keychain with the PGP keys and
the encrypted keyfile, then you get the full benefit of AES256 (whatever that
means to you).

Cheers!

- ---Venkat.

- ----------------------------------------------------------------------------
Venkat Manakkal venkat_AT_rayservers.com
GPG: https://www.rayservers.com/keys/0x12430522.asc
GPG: 0x12430522/4856 01AB F8BA E0EB F128 A57F 59D9 16FD 1243 0522
+1-607-546-7300 http://www.rayservers.com/ Computers. Installed Secure.
- ----------------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBComxWdkW/RJDBSIRAtfSAKC5dhBo0udtrbkxSPrerQGi9TMJlQCeKBto
0Z0poUa2PmUzeHASdA1oUww=
=1Xb9
-----END PGP SIGNATURE-----

-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/