My pass is most probably a 6 character passphrase with only numbers, and only containing 6 possible different numbers (ie: I know there are no 0s and 6s)
This strikes me as very bad. I'm new to #bitcoin-otc, but if someone publicly admits that their GPG password is weak, that raises a red flag in my mind. If your password is easily crackable, does your web-of-trust rating actually mean anything?
If I talk to nster on #bitcoin-otc how do I know it's the real nster and not an impersonator? Does a challenge string clearsigned with nster's public key actually prove his identity? No. Not if I know
that nster's private key is protected by a passphrase that can be brute-forced in only 86
Of course, I don't know
that nster's passphrase is really that weak. The owner of the nster
account on this forum is not necessarily the owner of the nster GPG key
on #bitcoin-otc. For all I know, the OP is impersonating nster and trying to tarnish his web-of-trust rating.
I'm not trying to be hostile or antagonistic, so I apologize if I'm coming off that way. I guess I'm just trying to say that you're not going to gain any credibility among crypto-nerds by advertizing how weak your GPG passphrase is. Your public key is your identity. Protect it.