There is no limit on the length of a passphrase,
David Shaw
dshaw at jabberwocky.com
Tue Oct 21 04:55:50 CEST 2008
On Oct 20, 2008, at 10:15 PM, Morton D. Trace wrote:
> Dear List readers!
>
> http://www.gnupg.org/gph/en/manual/c14.html
>
>
> GnuPG needs a pass phrase to protect the primary and
> subordinate private keys that you keep in your possession.
>
> You need a Pass phrase to protect your private key.
>
> Enter passphrase:
>
> There is no limit on the length of a passphrase,
>
> ===
>
>
> is this true?
There is no limit in OpenPGP for a passphrase length, beyond that of
the inherent limit imposed by the hash used for string-to-key
conversion. So, for SHA-1, the passphrase can be up to 2^64-1 bits,
or just under 2 exabytes. In practice, however, that's an insane size
for a passphrase (around 457 million DVDs worth if my back of the
envelope scribble is right) and no OpenPGP implementation supports
anything near that. GnuPG in particular will take whatever you give
it, but it must be able to fit in memory (and secure memory to boot,
on those platforms that support it). You can probably get a few kb,
but not much more.
> What to do if the pass phrase needs to be stronger than what can be
> practically typed?
Rethink what you're trying to do.
David
More information about the Gnupg-users
mailing list