how long should a password be?
Sven Radde
email at sven-radde.de
Mon May 5 10:05:07 CEST 2008
Hi!
Matt Kinni schrieb:
> Everyone says it should be as long as possible (...) What do you think?
You might find this interesting read:
<http://www.schneier.com/blog/archives/2007/01/choosing_secure.html>
Also keep in mind that in order to attack your password, an attacker
would first have to access your secret keyring (unless you use GnuPg for
symmetric encryption).
As to what I think personally, around 15 pretty random characters would
be quite enough for my threat model. I don't expect the NSA to throw all
their supercomputers at cracking my passphrase, though ;-)
HTH, Sven
More information about the Gnupg-users
mailing list