how long should a password be?
Robert J. Hansen
rjh at sixdemonbag.org
Mon May 5 10:36:16 CEST 2008
Matt Kinni wrote:
> Everyone says it should be as long as possible
Not at all. At some point the passphrase becomes stronger than the
symmetric encryption algorithm. Then it's time to stop.
> where it's just impossible to remember anything longer than 20
> characters. What do you think?
I think if you can't remember a phrase longer than 20 characters, you
should seek immediate psychiatric help. :)
Throwing out just a few memorable phrases, all substantially long than
20 characters:
* They gave me a medal for dreaming of you.
(Leonard Cohen, _Book of Longing_)
* Beware the fury of a patient man.
(John Dryden, _Absalom and Achitophel_)
* The worst are filled with passionate intensity.
(William Butler Yeats, _The Second Coming_)
* listen: there's a hell of a good universe next door; let's go
(e.e. cummings, _pity this busy monster, manunkind_)
* Come with me, ladies and gentlemen who are in any wise weary of
London: come with me: and those that tire at all of the world we
know: for we have new worlds here.
(Lord Dunsany, _Prelude to the Book of Wonder_)
* Vor allem: pflanze mich nicht in dein Herz. Ich wüchse zu schnell.
(Rainer Maria Rilke, _Sonnets to Orpheus_ 16.)
As these examples will hopefully show you, there's no shortage of
magnificent, easy-to-remember passphrases.
... and why, yes, I _do_ have a liberal-arts degree. Would you like
fries with that? :)
More information about the Gnupg-users
mailing list