Fwd: The GnuPR FAQ
Robert J. Hansen
rjh at sixdemonbag.org
Tue May 12 00:11:27 CEST 2020
This arrived in my inbox: I'm presenting it here without comment. My
response will be following in a moment.
-------- Forwarded Message --------
Subject: The GnuPR FAQ
Date: Mon, 11 May 2020 14:19:07 -0600
From: James Long <crogonint at gmail.com>
To: rjh at sixdemonbag.org
Greetings!
I'm just getting started on a write-up with instructions explaining how
to use all of the new options in GnuPG to set it up in the various email
clients and browsers.
I noticed on this page:
https://www.gnupg.org/faq/gnupg-faq.html
You've advised people to use a HORRIBLE practice of using dictionary
words solely for their password. I tested this theory myself back in the
day, so I can 100% guaranty you of this fact: A brute force dictionary
based attack can crack a password like that in LESS THAN 5 minutes!! I
once stretched that out to 20 minutes by cleverly picking words that I
already knew were at the opposite ends of the dictionary.
This was back in the Pentium II days!! Processors these days could
likely crack a dictionary based password in a matter of seconds.
I'm sorry, but that particular bit of advise is terrible and needs to be
changed. If you guys accept public assistance, I could go through the
instruction / FAQ pages for you, update them, then submit them to you
for approval.
Since I'm already writing updated instructions anyway. ;)
- James T. Long
------------
There are 10 kinds of people in the world - those who understand binary,
and those who don't.
More information about the Gnupg-users
mailing list