There is no limit on the length of a passphrase,

Robert J. Hansen rjh at
Tue Oct 21 13:43:38 CEST 2008

Faramir wrote:
> IIRC, once I saw somebody saying 128 bits is more than enough for a
> good passphrase. And that beyond that lenght, there was no real strengh
> gains... But maybe I am not recalling it correctly...

This is something you've heard from a lot of people, probably, myself
included.  128 bits is enough until we get some science fiction

Of course, the trick there is 128 bits _of entropy_, not 128 bits _of
passphrase_.  Conservatively speaking, there are probably about 1.5 bits
of entropy per letter of English text, meaning you'd need about an
80-char English passphrase to max it out.  Introducing alphanumeric
characters, punctuation and the like will reduce this considerably.

>   Anyway, bruteforcing an 8 characters long SHA1 password, in a home
> computer, would take months... even using several home computers to

Think 'centuries.'  The RC5/64 project brute-forced a 64-bit cipher
using 18 months and a very large distributed computing system.

More information about the Gnupg-users mailing list