Secret key storage question

Gordon Worley redbird at
Tue Jun 18 20:10:02 CEST 2002

On Tuesday, June 18, 2002, at 12:19  PM, Frank Tobin wrote:

> Gordon Worley, on 2002-06-18, wrote:
>> I'm trying to figure out a couple of things.  For example, if the
>> passphrase is being used to keep the secret keys unreadable, then am I
>> correct in thinking that your passphrase should be the same length as
>> the key it's protecting so that a brute force attack on either would
>> take just as long?
> Yes, but 'length' is an inappropriate term to use.  'strength' is 
> better.

I use length assuming a passphrase made up of random bits.  My reason 
for brining this up is that some users want to use Apple's Keychain 
program, which keeps all of their passphrases in one location, with the 
Mac GPG applications.  Before I looked at implementing this, though, I 
wanted to know if there would be some benefit (i.e. there's some real 
improved difficulty in hacking the key if someone got hold of your 
secret keyring and the passphrase is long and random enough that the 
user couldn't remember it without a program like Keychain).

A follow up question:  what would be the longest reasonable length for a 
passphrase (keeping in mind the other three factors David Shaw mentioned 
that are involved in protecting a secret key)?

Also, can the passphrase be any string of bits (lumped into bytes before 
giving it to GnuPG), or are there some limitations?

Gordon Worley - Mac GPG Project              ``Doveriai no proveriai.''
redbird at                                --Russian proverb
PGP:  0xBBD3B003

More information about the Gnupg-devel mailing list