How secure is GnuPG

Ryan Malayter
Tue Jul 23 23:53:02 2002

From: Daniel Carrera []=20
>Have I made a mistake somewhere here?

Maybe. Any group English words, even the first letters of the words of a
sentence, are a *lot* more ordered than random characters. For example,
many times more English words start with C than with X, and most
sentences begin with an article or other short word like "the". Your
suggestion would be a very bad method of selecting random characters.

If you want 128 bits of security from a random combination of the 95
non-whitespace characters typeable on a U.S. keyboard, you need just 20
characters. But you need to use an ASCII chart and dice or another truly
random source to pick the letters well.

For example, this passphrase has ~131 bits of true entropy (truly random
ASCII numbers taken from

Certainly secure, but I don't think I could remember that, or type it
accurately. If you used DiceWare instead, this would be a passphrase of
10 randomly chosen English words, all lower case. Definitely longer, but
easier to remember and type correctly.

I personally think that using an 128-bit passphrase is overkill, as
anything passphrase of around 80 bits (13 random chars/7 DiceWare words)
is out of reach for the foreseeable future. It's taken
more than 4 years with hundreds of thousands of computers to brute-force
a 64-bit RC5 key, and the algorithms involved in passphrase hashing are
much slower than RC5 key setup.