Steve Kinney
Sun Jun 2 02:24:02 2002


After playing with it a bit, I have decided that the 
password test utility at 
is useless for checking PGP/GPG pass phrases.  It was 
designed to test short passwords, and does so by looking 
for dictionary words and fragments of dictionary words.  
When it finds a predominance of words or word fragments, 
it automatically assumes a bad password, no matter 
how long or random the list may be.

I have tried pass phrases made up of ten or more 
misspelled English words, which the password checker 
identified as breakable in one day on a home PC-- 
despite there being somewhere in the vicinity of 
6 x 10^37 combinations to try...

Pass phrase strength is a matter of entropy.  To check 
a PGP/GPG pass phrase, start here:


Steve K