Traveling without a secret key

Ryan McGinnis ryan at digicana.com
Wed Jul 8 21:06:37 CEST 2020


Went to a security seminar where I asked a random FBI agent after a presentation about passwords; he said just to get into their personal terminals it was something like 17 characters minimum and that the passwords were randomly generated letters and numbers and symbols and that they were changed fairly often.  If you're trying to protect something from offline brute forcing and the password is the weak point, you're probably best off coming up with a really long randomly generated diceware phrase (7 words ought to be safe) https://www.rempe.us/diceware/#eff.

I always figure that if you upset a nation-state enough that they're willing to throw their supercomputers at you to get at your goodies, they'll likely just tie you up and brute force your body until they get what they need.

-Ryan McGinnis
http://www.bigstormpicture.com
Sent via ProtonMail

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Wednesday, July 8, 2020 11:36 AM, Stefan Claas <sac at 300baud.de> wrote:

> Ryan McGinnis via Gnupg-users wrote:
>
> > Six years ago Snowden said to assume the NSA can try roughly 1 Trillion passwords per second. I imagine it's significantly more by now.
>
> Holy cow! That raises then probably one more question, i.e. the required minimum length for a strong password nowadays.
>
> Regards
> Stefan
>
> ------------------------------------------------------------------------------------------------------------------------------------------
>
> my 'hidden' service gopherhole:
> gopher://iria2xobffovwr6h.onion

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 823 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20200708/d8ace48d/attachment.sig>
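The figures in this thread (a 7-word diceware phrase, a 17-character random password, 1 trillion guesses per second) can be compared directly; the following is an added example, not part of the original messages. Assumptions: a 7776-word diceware list, a 94-symbol printable character set, the quoted guess rate taken at face value with no key-stretching slowdown, and hypothetical function names.

```python
import math
import secrets

GUESSES_PER_SECOND = 1e12            # rate quoted in the thread
DICEWARE_WORDS = 6 ** 5              # 7776 entries: five dice rolls per word
PRINTABLE_SYMBOLS = 94               # assumption: letters, digits, symbols
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def entropy_bits(alphabet_size, length):
    """Entropy of `length` independent uniform picks from the alphabet."""
    return length * math.log2(alphabet_size)


def years_to_search_half(bits, rate=GUESSES_PER_SECOND):
    """Expected offline search time: half the keyspace at `rate` guesses/s."""
    return 2 ** (bits - 1) / rate / SECONDS_PER_YEAR


def min_length(alphabet_size, target_years, rate=GUESSES_PER_SECOND):
    """Smallest number of picks whose expected search time meets the target."""
    needed_bits = math.log2(target_years * SECONDS_PER_YEAR * rate) + 1
    return math.ceil(needed_bits / math.log2(alphabet_size))


def generate_passphrase(wordlist, words=7):
    """Draw words with a CSPRNG; entropy is counted over unique entries only."""
    unique = sorted(set(wordlist))
    phrase = " ".join(secrets.choice(unique) for _ in range(words))
    return phrase, entropy_bits(len(unique), words)


if __name__ == "__main__":
    for label, size, n in [("diceware words", DICEWARE_WORDS, 5),
                           ("diceware words", DICEWARE_WORDS, 6),
                           ("diceware words", DICEWARE_WORDS, 7),
                           ("random symbols", PRINTABLE_SYMBOLS, 17)]:
        bits = entropy_bits(size, n)
        print(f"{n:2d} {label}: {bits:6.1f} bits, "
              f"{years_to_search_half(bits):.3g} years expected")
    print("words needed for 1e6 years:", min_length(DICEWARE_WORDS, 1e6))
```

The numbers only hold when every word or character is chosen uniformly at random; a phrase a person picks by hand has far less entropy than its length suggests.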