how long should a password be?

Sven Radde email at sven-radde.de
Mon May 5 10:05:07 CEST 2008


Hi!

Matt Kinni wrote:
> Everyone says it should be as long as possible (...) What do you think?
You might find this an interesting read:
<http://www.schneier.com/blog/archives/2007/01/choosing_secure.html>

Also keep in mind that in order to attack your password, an attacker 
would first have to access your secret keyring (unless you use GnuPG for
symmetric encryption).

As to what I think personally, around 15 pretty random characters would 
be quite enough for my threat model. I don't expect the NSA to throw all 
their supercomputers at cracking my passphrase, though ;-)

HTH, Sven



More information about the Gnupg-users mailing list