GPG --symmetric option and passphrases
vedaal at hush.com
vedaal at hush.com
Tue Oct 7 00:17:12 CEST 2008
David Shaw dshaw at jabberwocky.com wrote on
Mon Oct 6 19:44:40 CEST 2008 :
>There is no limit in OpenPGP for a passphrase length,
>beyond that of the inherent limit
>imposed by the hash used for string-to-key conversion
am way out of my depth here,
in that i don't understand the mechanics of block cipher primitives
truecypt has a maximum allowable passphrase of 64 characters
(sort-of relatively small for an application that allows a 1
petabyte container size for encryption ;-) )
[i couldn't find it in their documentation on why they decided on
the limit of 64]
that the reason that this was so,
was either that
 a 64 character passphrase should be more than enough for even
the most paranoid user, if it could even be remembered reliably
 a passphrase for a block cipher that has a 64 character session
*somehow* wouldn't provide any 'more' protection if it exceeded 64
(although am a little *fuzzy* at this point, because a session key
has 64 hexadecimal characters, and a passphrase of 64 'keyboard'
characters is way beyond 2^256 possibilities)
is this inaccurate?
is there a 'ceiling' limit, beyond which a passphrase length does
not cryptographically protect the key?
(not a limit beyond which it is 'easier' to attack the key than the
that's easy to figure out, depending on if random characters are
used, or diceware words, or other options with a known total number
for random 95 keyboard characters
[ 95^39 ~= 1.35 x 10^77 ] > [2^256 ~= 1.15 x 10^77 ] },
but a limit where the password length after it becomes a key,
doesn't provide any more protection ?
>So, for SHA-1, the passphrase can be up to 2^64-1 bits,
so, does it depend only on the hash?
if SHA-512 were to be used,
would it mean that the passphrase could theoretically be 2^512-1 ?
any ads or links below this message are added by hushmail without
my endorsement or awareness of the nature of the link
Spend quality time on the open seas with a great boating charter. Click now!
More information about the Gnupg-users