how long should a password be?

Wolf Canis wolf.canis at googlemail.com
Mon May 5 10:34:44 CEST 2008


Sven Radde wrote:
> Hi!
>
> Matt Kinni wrote:
>> Everyone says it should be as long as possible (...) What do you think?
> You might find this an interesting read:
> <http://www.schneier.com/blog/archives/2007/01/choosing_secure.html>

Interesting article, thanks for the link. :-)

>
> Also keep in mind that in order to attack your password, an attacker
> would first have to access your secret keyring (unless you use GnuPG
> for symmetric encryption).
>
> As to what I think personally, around 15 pretty random characters
> would be quite enough for my threat model. I don't expect the NSA to
> throw all their supercomputers at cracking my passphrase, though ;-)

Don't you think that 8 characters is enough, especially with reference to the
article mentioned above?

I think one really important factor is that one doesn't have only one password.
The ideal would be a different password for every account. To achieve
that, IMHO, you need a system which would give you the ability to
remember those passwords.

W. Canis

