[arch-general] How long do you make the passphrase for the private key?

Justin Capella justincapella at gmail.com
Wed Jun 26 03:07:00 UTC 2019


I did a quick search and noticed by default pbkdf2 is not used... Check
this out,
https://security.stackexchange.com/questions/84482/do-gpg-and-openssh-use-key-stretching-on-their-keypairs

Seems worth it, but hardware solutions still seen preferable and have anti
hammering.

On Tue, Jun 25, 2019, 7:43 PM Ralf Mardorf via arch-general <
arch-general at archlinux.org> wrote:

> On Wed, 26 Jun 2019 10:41:03 +1000, asymptosis via arch-general wrote:
> >In practice, I believe any decent password cracker would start with a
> >dictionary of the most common word
>
> There are some common human patterns. In music for example it's unusual
> to play  a b c d, its more common to play patterns such as  a c b d.
> So instead of using a word, even a stupid human more likely would e.g.
> turn syllables by a pattern. Such a pattern isn't hard to crack, but a
> starting point for contemplation.
>


More information about the arch-general mailing list