Password length paranoia

Roscoe eocsor at
Tue Feb 7 15:43:11 CET 2006

(I know. We already have lots of threads about the net on password length).

Heres my two cents, from someone who has zero security/cryptographic
background (:

Bruteforcing 256bit keys is on a level of hardness that pretty much
renders it impossible.
So I wouldn't really bother trying to make a password of similar strength.

128bit keys are still regarded as fine.

Even the 112bit of 3DES, which is the only MUST have symmetric cipher
in openpgp, is still fine (though not prefered for new applications).

And dont forget that generating a key from the password is a lengthy
operation, involving hashing thousands of times (how many in gpg?).
These Iterations linearly increase the difficulty of a bruteforce attempt.

So if you ask me greater than 20 random chars (95^20 > 2^128) is
getting a bit excited.

I vote 14-20 for a sane range for most people.
(14 being people not really concerned with bruteforcing)

Add to this my opinion that if someone compromised your system far
enough to get your secret key, you have big issues - like them
trojaning the gpg binary.

(I fully advocate random strings for passwords. The reason being the
more you type in any password the better you remember it, and the more
annoyed you get at typing in alot of chars. It's also easier to
evaluate the password strength - for the whole of this email assume I
am talking about random strings (obviously composed of chars on the

On 2/2/06, Gabriele Alberti <iz0ayv at> wrote:
> Hello,
> I am not a crypto expert; i have this paranoia since some time though..
> If i use _symmetric_ cyphers (lets say a 256 bit) how long my password has to
> be?
> Keeping in mind my password can be composed with all 95 writeable ascii chars,
> using for example a 15 chars password gives me a "password space" of 95^15,
> that is  463291230159753366058349609375 passwords..*much* smaller than the 256
> bit keyspace (2^256,
> 115792089237316195423570985008687907853269984665640564039457584007913129639936
> keys). With such password, is not easy to bruteforce the password rather than
> the actual key? To get a bigger password space, such as it is more convenient
> to attack the key against the password, i computed 95^39, that is
> 135275954279056171880020500846747996912046843238165820366702973842620849609375,
> a value just above the 256 bit keyspace..should i really use a 39 chars
> password to be safe or i am missing something?
> Thanks in advance,
> Gabriel
> ___________________________________
> Yahoo! Mail: gratis 1GB per i messaggi e allegati da 10MB
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at

More information about the Gnupg-users mailing list