There is no limit on the length of a passphrase,

Nikola Pavlovic nik at
Wed Oct 22 22:40:22 CEST 2008

On Wed, Oct 22, 2008 at 06:11:23PM +0200, Bernhard Kleine wrote:
> With respect to randomness, do you have an idea how passphrases which
> use first letters of e.g. songs or poems (with lower and uppercase
> letters in german) are rated?

It all depends on how big a pool of songs/poems you have, I guess.
Intuitively, I guess it's not that good, but it again depends on who is
out to get you. :)

My $0.02:

I use Diceware for really important passphrases. 7 or 8 Diceware words
is somewhere near 128 bits of entropy (I don't remember exactly, but I
think 9 words is the first level above 128 bits).

I have never had problems remembering even 8-word ones (after a few
tries it just sticks in my muscle memory, I wouldn't be able to
reproduce them without a qwerty keyboard :) I have hard copies of
course, stored secure enough considering my needs and resources (can't
really hire armed guards ;)

So, presuming the actual list from which you pick words is valid and you
use a reasonably good set of dice to choose them, I think it is an
optimal way of generating strong passphrases.


Be different: conform.
