password paranoia
vedaal at hush.com
Thu Feb 9 17:43:11 CET 2006
Gabriele Alberti wrote on Wed Feb 1 22:54:42 CET 2006:
] I have this paranoia since some time though..
] If I use _symmetric_ cyphers (let's say a 256 bit) how long my password has to be?
] Keeping in mind my password can be composed with all 95 writeable ascii chars,
] using for example a 15 chars password gives me a "password space" of 95^15,
] that is 463291230159753366058349609375 passwords..*much* smaller than the 256
] bit keyspace (2^256,
2^256 ~= 1.1579 x 10^77
diceware ( http://world.std.com/~reinhold/diceware.html )
uses words for the passphrase and is much easier to remember
(but much harder to type when you don't see the passphrase as you are typing it in ;-) )
there are 7776 diceware words,
7776^20 ~= 6.5331 x 10^77 > 2^256
so it would need 20 diceware words to get a passphrase that would
be as difficult to break as brute forcing the keyspace of the
symmetrical cipher
*but*
in gnupg, unless you _actively_ choose otherwise,
by using the option of
's2k-cipher-algo twofish' or 's2k-cipher-algo aes256'
your secret key is, by default, encrypted with CAST5
which is only 128 bit
vedaal
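
The comparison made in this message, worked with exact integer arithmetic as an added example (not part of the original post). It assumes every character or word is chosen uniformly at random and independently; the function names are illustrative.

```python
# Added example: passphrase search space versus symmetric key space.
# Assumption: each symbol is picked uniformly at random and independently.

PRINTABLE_ASCII = 95   # alphabet size used in the thread
DICEWARE_WORDS = 7776  # word-list size used in the thread


def min_symbols(alphabet_size: int, key_bits: int) -> int:
    """Smallest n with alphabet_size**n >= 2**key_bits (no float rounding)."""
    if alphabet_size < 2 or key_bits < 1:
        raise ValueError("need alphabet_size >= 2 and key_bits >= 1")
    target = 1 << key_bits
    n, space = 0, 1
    while space < target:
        space *= alphabet_size
        n += 1
    return n


def passphrase_bits(alphabet_size: int, length: int) -> int:
    """Whole bits of search space: floor(log2(alphabet_size**length))."""
    return (alphabet_size ** length).bit_length() - 1


def effective_bits(alphabet_size: int, length: int, cipher_bits: int) -> int:
    """Brute force takes the cheaper path: the passphrase or the cipher key."""
    return min(passphrase_bits(alphabet_size, length), cipher_bits)


if __name__ == "__main__":
    for bits in (128, 256):
        print(f"{bits}-bit key: {min_symbols(PRINTABLE_ASCII, bits)} chars "
              f"or {min_symbols(DICEWARE_WORDS, bits)} diceware words")
    # The 15-character password from the question, under a 256-bit cipher.
    print(effective_bits(PRINTABLE_ASCII, 15, 256), "bits effective")
    # 20 diceware words, with the secret key protected by a 128-bit cipher.
    print(effective_bits(DICEWARE_WORDS, 20, 128), "bits effective")
```
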