Quote from: Fallkniven on July 13, 2013, 12:10 amI've done some tests with a major password cracking suite that the feds are supposed to make use of. It is programmed in such a way that even an idiot could crack something, GUIs and specialised search/crack methods - you really need to see/use it for yourself to get an idea of the scope of this software.It found my (stupidly) stored gpgring.sec file that stores all my PGP private keys & thusly tried to crack them using a multitude of Brute Force options and presets. The only thing that prevented the passwords from being found is their complexity and length.Try it for yourselves...http://jntlesnev5o7zysa.onion/torrent/6964061/ElcomSoft.Password.Recovery.Bundle.Forensic.Edition.v2012-DOAISOThat is why I recommend 8-10 Diceware words to protect your TrueCrypt volumes and/or PGP keyrings. While I haven't used the Elcomsoft software, I suspect that it has code in it which enables it to try all the usual tricks that people think is secure. The bottom line is that people are really lousy judges of what constitutes a good, unguessable, secure password. These weaknesses are what the software exploits. Access Data in Orem, Utah sells password breaking software to Federal agencies that scours suspect computers for keywords related to hobbies and the like. For example, a motorcycle buff might choose words related to motorcycles as his/her password. A suspect in England, with an interest in horses used an obscure term related to a stirrup as his password. If you use Diceware, all this subjective informatoin will yield them nothing. Even if they know you have used Diceware, and even if they know the length of your passphrase, they still cannot brute-force it, if you have used a reasonable number of words. Diceware's strength lies in the nature of how the words are chosen -- by a random, physical process -- rolling dice. The authorities only option is brute-force, which is fruitless if you have used a sufficiently-long passphrase. See: http://www.diceware.com/Also see: DNA Key to Decoding Human Factorhttp://www.washingtonpost.com/wp-dyn/articles/A6098-2005Mar28.htmlNightcrawler4096R/BBF7433B 2012-09-22 Nightcrawler <Nightcrawler@SR>PGP Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xB8F1D88EBBF7433B   MIT clearnet keryserverPGP Key: https://keys.indymedia.org/pks/lookup?op=get&search=0xB8F1D88EBBF7433B  (IndyMedia https: clearnet keyserver)PGP Key: http://qtt2yl5jocgrk7nu.onion/pks/lookup?op=get&search=0xB8F1D88EBBF7433B (IndyMedia .onion keyserver)PGP Key Fingerprint = 83F8 CAF8 7B73 C3C7 8D07 B66B AFC8 CE71 D9AF D2F0