If you have a GPG private key that is locked with a password, "cracking" the key reduces to password guessing. There's an easy equation to answer how long that takes; what's hard is that there are two unknowns: the number of bits of entropy in the password and the number of guesses per second an attacker can make.

Example: There are 96 printable ASCII characters. Given an eight-character ASCII password, truly randomly generated, one would have 6.6 × 8 = 52.8 bits of entropy. If an attacker can make a billion (2^30) guesses per second, it will take about 2^22.8 seconds, or about 84 days, to try all combinations. Since we expect an attacker to "hit" about halfway through, the average time to crack will be around 42 days.

If, instead, the password is one of the top 10,000 (and crackers have lists!) you have about 13.3 bits of entropy and cracking will succeed in less than a second.

Finally, suppose you used Diceware with a 6-word passphrase. You'd get 66 bits of entropy and cracking would take about 2^35 seconds, or over a thousand years.

You can repeat the arithmetic with other values of guesses per second.

There are two important things to glean from this. First, if the private key is locked with a password and the attacker has access to the locked private key, cracking is all about the password, and not about GPG or public key crypto at all.
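The arithmetic above, repeated over several guess rates, as an added example that is not part of the original page. The entropy figures are the ones the text states; the guess rates other than 2^30 and all helper names are assumptions chosen for illustration.

```python
import math

SECONDS_PER_DAY = 86_400
SECONDS_PER_YEAR = 365.25 * SECONDS_PER_DAY

def entropy_bits(choices: int, picks: int = 1) -> float:
    """Entropy of `picks` symbols, each drawn uniformly at random from `choices` options."""
    return picks * math.log2(choices)

def crack_seconds(bits: float, guesses_per_second: float, average: bool = True) -> float:
    """Time to search a 2**bits space; the average case covers half of it."""
    space = 2.0 ** bits
    return (space / 2 if average else space) / guesses_per_second

def min_picks(choices: int, guesses_per_second: float, target_years: float) -> int:
    """Fewest uniformly random symbols whose average crack time reaches target_years."""
    needed_bits = math.log2(2 * guesses_per_second * target_years * SECONDS_PER_YEAR)
    return math.ceil(needed_bits / math.log2(choices))

def human(seconds: float) -> str:
    """Render a duration at the scale a reader cares about."""
    if seconds < 1:
        return "under a second"
    if seconds < SECONDS_PER_DAY:
        return f"{seconds / 3600:,.1f} hours"
    if seconds < SECONDS_PER_YEAR:
        return f"{seconds / SECONDS_PER_DAY:,.1f} days"
    return f"{seconds / SECONDS_PER_YEAR:,.0f} years"

# Entropy figures as the text states them; the guess rates are assumed values.
SCENARIOS = {
    "8 random printable ASCII chars": 52.8,
    "password from a top-10,000 list": 13.3,
    "6-word Diceware passphrase": 66.0,
}
RATES = {"1e6/s": 1e6, "2^30/s": 2.0 ** 30, "1e12/s": 1e12}

def table() -> list[tuple[str, str, str]]:
    """One row per (scenario, rate) with the average time to crack."""
    return [(name, label, human(crack_seconds(bits, rate)))
            for name, bits in SCENARIOS.items()
            for label, rate in RATES.items()]

if __name__ == "__main__":
    for name, label, eta in table():
        print(f"{name:34} {label:>7}  {eta}")
    print("random ASCII chars for 100 years at 2^30/s:", min_picks(96, 2 ** 30, 100))
```

`min_picks` inverts the same equation: given a guess rate and a target average crack time, it returns how many uniformly random symbols the password needs.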