GPG --symmetric option and passphrases
David Shaw
dshaw at jabberwocky.com
Tue Oct 7 04:07:06 CEST 2008
On Oct 6, 2008, at 6:17 PM, vedaal at hush.com wrote:
> [1] a 64 character passphrase should be more than enough for even
> the most paranoid user, if it could even be remembered reliably
> accurately ;-)
>
> or
>
> [2] a passphrase for a block cipher that has a 64 character session
> key *somehow* wouldn't provide any 'more' protection if it exceeded
> 64 characters
> (although am a little *fuzzy* at this point, because a session key
> has 64 hexadecimal characters, and a passphrase of 64 'keyboard'
> characters is way beyond 2^256 possibilities)
>
>
> is this inaccurate?
At least in the context of OpenPGP, I think you're confusing cipher
key size with hash size. A hash is used to convert a passphrase to a
key that can be used in a cipher. This is called a string to key or
S2K function. The OpenPGP S2K function basically takes the
passphrase, adds salt, then hashes this blob over and over. The
result is used as the key. (I'm simplifying - the exact details are
in RFC-4880). In other words, the key is going to be 128 (or
whatever) bits no matter what you do.
> if SHA-512 were to be used,
> would it mean that the passphrase could theoretically be 2^512-1 ?
No, it's "only" 2^128-1, but let's put this in perspective. That
number is around 7 times larger than the number of atoms contained in
every human being on planet earth.
David