Me stupid: lost password for gpg
Russell Coker
russell at coker.com.au
Tue Dec 28 19:58:48 UTC 2004
On Tuesday 28 December 2004 19:25, Hans de Goede <j.w.r.degoede at hhs.nl> wrote:
> > The program could try over 600 combinations a second on a 2-3yo Athlon
> > giving almost 5 digits tested per day if you only use lower-case and
> > digits. This means that a pass-phrase of 6 characters comprising
> > lower-case and digits could be reliably cracked in just over a month. 7
> > characters could be done in 3 years with an old Athlon or maybe some
> > reasonable amount of time in a dual-Opteron. 8 or more characters would
> > require a large network of machines.
> >
> > Let me know if you want a copy of my code, but be warned, it's really
> > ugly. Also it might be possible to optimise things and maybe double the
> > speed if you can figure out GPG memory management (I can't).
>
> 1) Thanks, but I finally remembered my password
> 2) This is worry some, so a passphrase really should be 8 chars minimal?
Given that anyone can crack 6 characters, 7 characters could be cracked easily
by hardware that will be cheap in a few years, and 8 can be easily cracked
with a network of machines I think that you need at least 10 characters for
the pass-phrase to be worth much.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
More information about the fedora-devel-list
mailing list