how long should a password be?

Bill Royds apple at royds.net
Mon May 5 14:18:01 CEST 2008


On 5-May-08, at 03:55 , Wolf Canis wrote:

> There are infinite possibilities. That's the trick. Not the length of a
> password is decisive but the quality. The quality of your password decides
> how much effort is necessary to hack it.

Unfortunately that is not true. Since most systems use a single byte
for each character in a passphrase, there are only 2^(8*n) bits in an
n-character passphrase.
So there are only 64 bits in an 8-character password, which can be
cracked quite quickly using rainbow tables for any password.

The real problem is allowing multiple attempts to crack the passphrase,
and this only occurs if your secret keyring is available to the cracker.

Basically, any password you can remember is easy to crack, so don't  
let the keyring ever be in a position for someone to try.


