带有 OpenPGP 加密密钥的 s3cmd - 这是密码还是密码?

s3cmd with OpenPGP encryption key - is this a password or a passphrase?

我使用 s3cmd 为 GnuPG 设置了一个 10 个字符的复杂密码。

Run s3cmd --configure

You will be asked for the two keys - copy and paste them from your confirmation email or from your Amazon account page. Be careful when copying them! They are case sensitive and must be entered accurately or you'll keep getting errors about invalid signatures or similar.

You can optionally enter a GPG encryption key that will be used for encrypting your files before sending them to Amazon. Using GPG encryption will protect your data against reading by Amazon staff or anyone who may get access to your them while they're stored at Amazon S3.

现在我不确定是否应该设置密码(不是密码)。亚马逊可以轻松解密(他们拥有强大的计算能力)10 个字符的复杂密码吗?

“Passphrase”只是 OpenPGP 环境中“密码”的常用术语。密码短语用于通过 OpenPGP's string-to-key function 导出对称密钥。 GnuPG 为哈希算法和使用的迭代次数设置了合理的默认值,这使得暴力破解 OpenPGP 密码短语成为一项非常昂贵的操作。暴力破解十个字符的密码短语绝对不是 easy 如果它是随机的并且不能从通常的密码列表中导出;如果您认为您的信息对 (a) 可能访问加密信息和 (b) 拥有强大计算能力的实体特别有价值,您可能需要考虑应用更强大的密码 and/or 调整字符串到密钥参数使测试单个密码的成本更高。

可以在 "At what point does adding more iterations to PBKDF2 provide no extra security?".

中阅读关于 OpenPGP 中暴力破解密码的成本的一些更广泛的讨论