There is no limit on the length of a passphrase,

David Shaw dshaw at
Tue Oct 21 04:55:50 CEST 2008

On Oct 20, 2008, at 10:15 PM, Morton D. Trace wrote:

> Dear List readers!
> GnuPG needs a pass phrase to protect the primary and
> subordinate private keys that you keep in your possession.
> You need a Pass phrase to protect your private key.
> Enter passphrase:
> There is no limit on the length of a passphrase,
> ===
> is this true?

There is no limit in OpenPGP for a passphrase length, beyond that of  
the inherent limit imposed by the hash used for string-to-key  
conversion.  So, for SHA-1, the passphrase can be up to 2^64-1 bits,  
or just under 2 exabytes.  In practice, however, that's an insane size  
for a passphrase (around 457 million DVDs worth if my back of the  
envelope scribble is right) and no OpenPGP implementation supports  
anything near that.  GnuPG in particular will take whatever you give  
it, but it must be able to fit in memory (and secure memory to boot,  
on those platforms that support it).  You can probably get a few kb,  
but not much more.

> What to do if the pass phrase needs to be stronger than what can be
> practically typed?

Rethink what you're trying to do.


More information about the Gnupg-users mailing list