Why revoke a key?

Robert J. Hansen rjh at sixdemonbag.org
Tue Oct 11 16:54:40 CEST 2011


On 10/11/11 9:41 AM, Jean-David Beyer wrote:
> But in a sense, was it not unwise to tell me your passphrase length? I
> will now set up my hypothetical exhaustive search cracker not to bother
> with passphrases less than 32 characters or longer than 32 characters.
> This reduces the size of the search space I must examine. Of coarse, the
> shorter ones can be tested faster than the longer ones.

Not really.  Imagine if you knew his passphrase was a number, but not
how long it was.  Now he tells you, "it's a seven-digit number."

Okay, fine: you can exclude all six-digit numbers (900,000 of them), all
five-digit numbers (90,000 of them), all four-digit numbers (9,000 of
them), all three-digit numbers (900 of them), all two-digit numbers (90
of them) and all one-digit numbers (ten of them) [*].  You've excluded
900,000 + 90,000 + 9,000 + 900 + 90 + 10 = one million total numbers out
of the possible ten million.  You've reduced the keyspace by 10%.

If his passphrase has zero margin of safety, he's done something
foolish: his passphrase no longer meets his entropy requirements.  On
the other hand, if his passphrase is longer than necessary to meet his
requirements, he can afford to throw out 10% of the potential keyspace
without losing any sleep.

What he's done here is pretty much exactly what I've described, just in
a different numerical base.

Tell you what: I'll put my money where my mouth is.  The low-order bits
of the primes that comprise my private key are both '1'.  Doesn't help
you out very much, does it?  ;)



More information about the Gnupg-users mailing list