GPG --symmetric option and passphrases

David Shaw dshaw at jabberwocky.com
Tue Oct 7 04:07:06 CEST 2008


On Oct 6, 2008, at 6:17 PM, vedaal at hush.com wrote:

> [1] a 64 character passphrase should be more than enough for even
> the most paranoid user, if it could even be remembered reliably
> accurately ;-)
>
> or
>
> [2] a passphrase for a block cipher that has a 64 character session
> key *somehow* wouldn't provide any 'more' protection if it exceeded
> 64 characters
> (although am a little *fuzzy* at this point, because a session key
> has 64 hexadecimal characters, and a passphrase of 64 'keyboard'
> characters is way beyond 2^256 possibilities)
>
>
> is this inaccurate?

At least in the context of OpenPGP, I think you're confusing cipher  
key size with hash size.  A hash is used to convert a passphrase to a  
key that can be used in a cipher.  This is called a string to key or  
S2K function.  The OpenPGP S2K function basically takes the  
passphrase, adds salt, then hashes this blob over and over.  The  
result is used as the key.  (I'm simplifying - the exact details are  
in RFC-4880).  In other words, the key is going to be 128 (or  
whatever) bits no matter what you do.

> if SHA-512 were to be used,
> would it mean that the passphrase could theoretically be 2^512-1 ?

No, it's "only" 2^128-1, but let's put this in perspective.  That  
number is around 7 times larger than the number of atoms contained in  
every human being on planet earth.

David
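
Added example, not part of the original message: a Python sketch of the iterated and salted S2K from RFC 4880 (section 3.7.1.3), showing that the derived key is the same fixed size whatever the passphrase length or hash. The salt, the passphrases, the coded count of 96, the 128-bit key length and the SHA-1/SHA-512 choices are constructed sample values, not GnuPG's code or settings.

```python
import hashlib

def decode_count(c: int) -> int:
    """Expand the one-octet coded count (RFC 4880, section 3.7.1.3)."""
    return (16 + (c & 15)) << ((c >> 4) + 6)

def s2k_iterated_salted(passphrase: bytes, salt: bytes, coded_count: int,
                        key_len: int, hash_name: str = "sha1") -> bytes:
    """Iterated and salted S2K: derive exactly key_len octets."""
    if len(salt) != 8:
        raise ValueError("OpenPGP S2K salt is 8 octets")
    if not 0 <= coded_count <= 255:
        raise ValueError("coded count is a single octet")
    data = salt + passphrase
    # At least one full copy of salt+passphrase is always hashed.
    count = max(decode_count(coded_count), len(data))
    full, rest = divmod(count, len(data))
    key, n = b"", 0
    while len(key) < key_len:
        # If the hash is shorter than the key, extra contexts are used,
        # context n being preloaded with n zero octets.
        h = hashlib.new(hash_name, b"\x00" * n)
        for _ in range(full):
            h.update(data)
        h.update(data[:rest])
        key += h.digest()
        n += 1
    return key[:key_len]

def demo() -> dict:
    salt = bytes.fromhex("0102030405060708")  # constructed sample salt
    out = {}
    for label, pw in [("8 chars", b"hunter22"), ("64 chars", b"x" * 64),
                      ("200 chars", b"y" * 200)]:  # constructed passphrases
        for h in ("sha1", "sha512"):
            out[(label, h)] = s2k_iterated_salted(pw, salt, 96, 16, h)
    return out

if __name__ == "__main__":
    for (label, h), key in demo().items():
        print(f"{label:>9} {h:>6} -> {len(key) * 8} bits: {key.hex()}")
```

Every row prints a 128-bit key: a longer passphrase or a wider hash changes the key's value, not its size.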


