Secret key storage question

Robert J. Hansen rjhansen at
Tue Jun 18 19:36:01 CEST 2002

> I'm trying to figure out a couple of things.  For example, if the 
> passphrase is being used to keep the secret keys unreadable, then am I 
> correct in thinking that your passphrase should be the same length as 

Hard to say.  Maybe, maybe not--depends on your threat model.  If your
threat model covers people who are eavesdropping while your traffic is
in transit, but considers your home PC to be secure, then you're not
exposing yourself to any risk by leaving your passphrase as "42" (to
throw in a random _Hitchhikers_ reference).

If your threat model considers your PC to be a possible target of
attack, then it behooves you to use a longer passphrase.  If your threat
model says the people attacking you have the resources of a large
corporation or less, then about a 50-glyph passphrase would be just fine
(assuming Schneier's 1.3 bits of entropy per English glyph).  If your
threat model is the NSA, then you need to be talking to a professional
information security consultant--a single software package, such as
GnuPG, isn't going to cut it for you.

> take just as long?  Also, if not, is the passphrase just a way of making 
> sure the user really wants to do something (like sign a document) and 
> didn't accidently sign something that they shouldn't have?  And that a 

No.  The passphrase is hashed down to a 128-bit symmetric key.  This
symmetric key is then used to decrypt the user's private key.  The
private key is stored in an encrypted format, yes--encrypted with AES,
for GnuPG, or CAST5, for PGP.

More information about the Gnupg-devel mailing list