GPG --symmetric option and passphrases

vedaal at vedaal at
Tue Oct 7 00:17:12 CEST 2008

David Shaw dshaw at wrote on
Mon Oct 6 19:44:40 CEST 2008 :

>There is no limit in OpenPGP for a passphrase length, 
>beyond that of the inherent limit 
>imposed by the hash used for string-to-key conversion


am way out of my depth here, 
in that i don't understand the mechanics of block cipher primitives 

truecypt has a maximum allowable passphrase of 64 characters
(sort-of relatively small for an application that allows a 1 
petabyte container size for encryption ;-) )
[i couldn't find it in their documentation on why they decided on 
the limit of 64]

i 'thought'
that the reason that this was so,
was either that

[1] a 64 character passphrase should be more than enough for even 
the most paranoid user, if it could even be remembered reliably 
accurately ;-)


[2] a passphrase for a block cipher that has a 64 character session 
*somehow* wouldn't provide any 'more' protection if it exceeded 64 
(although am a little *fuzzy* at this point, because a session key 
has 64 hexadecimal characters, and a passphrase of 64 'keyboard' 
characters is way beyond 2^256 possibilities)

is this inaccurate?

is there a 'ceiling' limit, beyond which a passphrase length does 
not cryptographically protect the key?

(not a limit beyond which it is 'easier' to attack the key than the 
that's easy to figure out, depending on if random characters are 
used, or diceware words, or other options with a known total number 
of possibilities,

for random 95 keyboard characters
 [ 95^39 ~= 1.35 x 10^77 ] > [2^256 ~= 1.15 x 10^77 ] },

but a limit where the password length after it becomes a key,
doesn't provide any more protection ?

>So, for SHA-1, the passphrase can be up to 2^64-1 bits,

so, does it depend only on the hash?

if SHA-512 were to be used,
would it mean that the passphrase could theoretically be 2^512-1 ?



any ads or links below this message are added by hushmail without 
my endorsement or awareness of the nature of the link

Spend quality time on the open seas with a great boating charter. Click now!

More information about the Gnupg-users mailing list