Secret key storage question
Gordon Worley
redbird at rbisland.cx
Tue Jun 18 20:10:02 CEST 2002
On Tuesday, June 18, 2002, at 12:19 PM, Frank Tobin wrote:
> Gordon Worley, on 2002-06-18, wrote:
>
>> I'm trying to figure out a couple of things. For example, if the
>> passphrase is being used to keep the secret keys unreadable, then am I
>> correct in thinking that your passphrase should be the same length as
>> the key it's protecting so that a brute force attack on either would
>> take just as long?
>
> Yes, but 'length' is an inappropriate term to use. 'strength' is
> better.
I use length assuming a passphrase made up of random bits. My reason
for bringing this up is that some users want to use Apple's Keychain
program, which keeps all of their passphrases in one location, with the
Mac GPG applications. Before I looked at implementing this, though, I
wanted to know if there would be some benefit (i.e. there's some real
improved difficulty in hacking the key if someone got hold of your
secret keyring and the passphrase is long and random enough that the
user couldn't remember it without a program like Keychain).

A follow-up question: what would be the longest reasonable length for a
passphrase (keeping in mind the other three factors David Shaw mentioned
that are involved in protecting a secret key)?

Also, can the passphrase be any string of bits (lumped into bytes before
giving it to GnuPG), or are there some limitations?
--
Gordon Worley - Mac GPG Project
http://macgpg.sourceforge.net/ ``Doveriai no proveriai.''
redbird at rbisland.cx --Russian proverb
PGP: 0xBBD3B003