how long should a password be?

Robert J. Hansen rjh at sixdemonbag.org
Mon May 5 10:42:19 CEST 2008


Faramir wrote:
>   That brings another related question: is there any character
> unsuported by GnuPG? I ask this because once I was using an application,
> and I tried to use "special" characters in the password, but the app
> rejected the users saying "wrong password", so I had to use just normal
> characters. Is there a chance that problem can happen with GnuPG?

This is a good question, but unfortunately there's a lot more to it than
that.

As far as GnuPG goes, you aren't entering characters at all.  You're
just entering bytes of data which it processes to create a symmetric
key.  GnuPG can probably accommodate pretty much any character set, as
long as it's not _totally_ ridiculous.

However, if you're using a front-end (GPGshell, WinPT, Enigmail, etc.),
then you might want to ask about what character set the front-end is
using.  If the front-end is using a Cyrillic character set but your
console is using Latin-1, it is possible that things could get a bit
messed up as the two applications talk to each other.  You might think
you're entering the letter R, but is that a Cyrillic or a Latin R?  The
two don't encode the same way.

Moral of the story: character sets aren't a problem, but making sure
everything is speaking the charset can be a problem.





More information about the Gnupg-users mailing list