I had a doubt and wanted to ask for help from you; Gpg4win has the option to encrypt files and folders, I was wondering if it has a feature that limits the attempt to enter the password, to avoid brute force attacks, like in ATMs, where when you make a mistake you have to wait 24 hours before trying again. I use a program called Glaryssoft for encryption and it has this feature of limiting attempts, the only bad thing is that it uses the Blowfish protocol, I haven’t seen it well on the internet.
the pinentry usually allows three attempts and then reports back to the component called gpg-agent, that entrering the pinentry failed. However it can be tried again.
So there is no limits on how often a passphrase (or password) can be tried.
It does not make sense to do such a limit, because the secret key material, which is protected by the passphrase is saved on disk. Once the attacker gets hold of the files on disk, no application can limit the attempts anymore, the attacker can just run many instances.
However the key derivation function (KDF) used by GnuPG (the crypto engine of Gpg4win) is designed to make attacks on the files hard. Ideally it will make computation of a key from a passphrase so expensive that a brute force attack is not practial. For more details see
I understand and accept the answer.
It then begs the question as to why the pinentry screen needs to be so strict as to only allow 3 tries.
I understood, in this case, this Glaryssoft password limiter would be of little use, because if an attacker caught the encrypted file he could still try the dictionary or brute force attack? In this case, the most logical thing you could do would be to adopt mechanisms to delay the process that you did not even mention?
What difference does it make whether an attack takes 1000 centuries or only 100
the pinentry re-tries are for one operation. There needs to be a way to tell
if an operation has failed (for now) and should or should not be re-attempted.
As people can misstype, it is probably fine if pinentry tries three times for one operation.
as for theoretical speed of brute force attaches (== trying all possible passwords): The safety is only an estimation based on how fast computing speeds grows and how much money it costs. So having a magnitude more safety margin is a good idea in many cases.
The delay of the offline attack comes from the strength of the key derivation function (as mentioned).
what has not been mentioned here are smartcards. With them you have an insurance that the key to decrypt data is only stored on the smartcard and will be blocked once you have entered the PIN wrongly three times in a row. This eliminates the brute force potential.