atom at suspicious.org
Tue Oct 26 07:58:48 CEST 2004
-----BEGIN PGP SIGNED MESSAGE-----
On Mon, 25 Oct 2004, Per Tunedal Casual wrote:
> I thought once more about this :-) It's hard enough to put up a
> passphrase that matches a 128-bit key. The hash, if any, doesn't
> matter, because it can hardly decrease the strength of the passphrase.
> Thus any cipher with a key longer than 128-bits is overkill when you
> encrypt symmetrically. Right?
i have several passphrases that are 20+ characters. 22 characters of
uppercase, lowercase, numbers and spaces is *stronger* than 128 bit.
that's not counting the full range of characters that can be used...
assuming that 95 characters are generally suitable (read: safe) for use in
passphrases, it only takes a theoretical 19.5 characters to equal 128 bits
and 39 characters to hit 256 bits. such passphrases may not be suitable
for all applications, but they're not entirely ridiculous. IMHO it's
possible to come up with passwords that are that long, easy to remember and
AFAIK, the session key used for symmetric encryption is derived from the
user supplied passphrase, then salted and iterated (this may have changed
recently). if symmetric and asymmetric encryption is used then the session
key is derived in the usual random way.
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
"I am committed to helping Ohio deliver its electoral
votes to the president [Bush] next year"
-- Walden O'Dell, CEO of Diebold
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (FreeBSD)
Comment: What is this gibberish?
-----END PGP SIGNATURE-----
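The figures in the message above and the "salted and iterated" derivation it mentions, as an added example that is not part of the original post or GnuPG's own code. It assumes the derivation meant is the iterated and salted S2K of the OpenPGP specification (RFC 4880, section 3.7.1.3); the SHA-1 hash, the coded count of 96, the salt and the passphrase are constructed sample values.

```python
import hashlib
import math

def passphrase_bits(length, alphabet_size):
    """Entropy in bits of a passphrase of uniformly random characters."""
    return length * math.log2(alphabet_size)

def chars_needed(bits, alphabet_size):
    """Random characters needed to match a key of the given size."""
    return bits / math.log2(alphabet_size)

def decode_count(coded):
    """Expand the one-octet S2K count (RFC 4880, 3.7.1.3) to an octet count."""
    return (16 + (coded & 15)) << ((coded >> 4) + 6)

def s2k_iterated_salted(passphrase, salt, coded_count, key_len, hash_name="sha1"):
    """Derive key_len octets from a passphrase with iterated and salted S2K."""
    if len(salt) != 8:
        raise ValueError("S2K salt is exactly 8 octets")
    data = salt + passphrase
    # The whole salt+passphrase is always hashed at least once.
    count = max(decode_count(coded_count), len(data))
    reps, rem = divmod(count, len(data))
    key = b""
    preload = 0
    while len(key) < key_len:
        # Keys longer than one digest use extra hash contexts, each
        # preloaded with one more zero octet than the previous one.
        h = hashlib.new(hash_name)
        h.update(b"\x00" * preload)
        for _ in range(reps):
            h.update(data)
        h.update(data[:rem])
        key += h.digest()
        preload += 1
    return key[:key_len]

if __name__ == "__main__":
    # 26 upper + 26 lower + 10 digits + space = 63 symbols (constructed case)
    print("22 chars of 63 symbols: %.1f bits" % passphrase_bits(22, 63))
    print("chars of 95 symbols for 128 bits: %.1f" % chars_needed(128, 95))
    print("chars of 95 symbols for 256 bits: %.1f" % chars_needed(256, 95))
    salt = bytes(range(8))  # constructed salt; a real one is random
    key = s2k_iterated_salted(b"constructed passphrase", salt, 96, 32)
    print("octets hashed:", decode_count(96), "key:", key.hex())
```

The derived key is 256 bits long, but salting and iterating only slow down guessing; the key carries no more entropy than the passphrase it came from.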