There is no limit on the length of a passphrase,

John W. Moore III jmoore3rd at
Wed Oct 22 05:58:38 CEST 2008

Robert J. Hansen wrote:
> Morton D. Trace wrote:
>> Dear list readers I just found this article.
> Be careful of anything you get off the internet.  This article is not
> especially good.

Mega Dittos!  [I know this sounds like Rush Limbaugh 'listener-speak'
but it is _all_ too TRUE!]

>> Calculating the entropy of a password is here well explained,
>> I don't know if it is mathematically correct,
> [shrugs]  Yes.  No.

Understand what [shrugs] really means.....You are proposing a
mathematical challenge to a List that is really more focused upon
facilitating the 'concerned User'.  Robert is a professional
Mathematician and actually _loves_ Numbers.  If You truly want
mathematics then Email Robert direct.  Stand By to Stand By:  He will
Reply and address You as a mathematical Equal.  Fair Warning:  HE's GOOD!

He fills His refrigerator, however, the same way You & I do....He earns
a paycheck from someone who likes the way He applies His brain.  Ya
gotta understand that whenever You ask a Question that deals with
'Random Chance' Robert is gonna seriously consider it as a valid
Question from a knowledgeable/teachable Interrogator.  You _will_ learn
if You read/study the Answer from a Guy who buys gas and I'm sure
occasionally says to the Cashier "gimme a Quick Pick on the Fantasy 5"
knowing full well that the odds of winning are a gazillion to 1.

> The reality is that very few people let a CSPRNG spit out a base-64
> password for them to remember (six bits of entropy per glyph).  They're
> hard to remember.  Good passphrases are easy to remember but hard to
> guess, which means they need to be rather large pieces of text.

entropy?  CSPRNG?  glyph?  Please bear in mind that this is a 'public'
List and if at all possible Post in 'layman's terms' or risk confusing
Every One else who reads this forum.  All the terms/words are valid but
without Full explanation You are attempting to benefit without 'sharing'
with everyone else.  [soapbox put away]

> Per Shannon's estimates, there are roughly 1.5 bits per glyph of English
> text.
>> one unicode character has approx three times the entropy as one ascii
>> character.

Agreed!  Gotta A-S-K again; Who are You attempting to 'share' with?

>> I'd really like to see UTF-8 supported in GnuPG and be able to type some
>> characters from my keyboard,
> UTF8 is supported.  However, your OS may not support it.  That's an
> OS-level issue, not a GnuPG issue.  My Mac supports UTF-8 just fine,
> including exotics like "circled ideograph wood".

What O/S are You using?  MUA?

>> and additionally select some cool unicode letters from a language only I
>> know.
> If only you know it, then kiss randomness goodbye.  Someone who wants to
> attack your passphrase will focus their attack on symbols from languages
> you know.  The only defense is to pick randomly.

"only I know"?  Then it ain't a Language!  Language presupposes that
Others speak it among themselves.  Either it is completely 'Random' or
it is available for a Social Engineering attack.

>> Can GnuPG accept UTF-8 Characters as passphrase input?
> Depends on your OS.

Short Answer = YES

> Yes, but this is a case of buying a few hundred yards of rope just to
> make _sure_ you have enough with which to hang yourself.

I would say that a Man who jumps off of an 80 Story building thinks He
is 'flying' for 79 stories.  It is always the 'sudden stop' that is
painful & permanent!

No 'HTH' here simply because I don't care.  I do believe that everyone
is entitled to a 'Bad Attitude' day.  :-\

Timestamp: Tuesday 21 Oct 2008, 23:58  --400 (Eastern Daylight Time)
Version: GnuPG v1.4.10-svn4845: (MingW32)
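
The entropy figures quoted in this thread (six bits per glyph for a CSPRNG-generated base-64 password, roughly 1.5 bits per glyph for English text) can be turned into required passphrase lengths. The following is an added example, not part of the original message or of GnuPG; the 128-bit target and the 16-symbol Unicode pool are assumptions constructed for illustration.

```python
import math
import secrets
import string

# Bits per glyph for English prose, the Shannon estimate quoted in the thread.
ENGLISH_BITS_PER_GLYPH = 1.5

# The 64-symbol alphabet of a base-64 password (6 bits per glyph).
BASE64_POOL = string.ascii_letters + string.digits + "+/"

# Constructed stand-in for "cool unicode letters": 16 hand-picked symbols.
# Whoever knows which symbols the owner favours only has 16 to consider.
SMALL_UNICODE_POOL = "αβγδεζηθЖДЯФЮЩЭЫ"


def bits_per_symbol(pool: str) -> float:
    """Entropy per glyph when each glyph is drawn uniformly from pool."""
    symbols = set(pool)
    if len(symbols) < 2:
        raise ValueError("pool needs at least two distinct symbols")
    return math.log2(len(symbols))


def glyphs_needed(target_bits: float, per_glyph: float) -> int:
    """Smallest glyph count whose total entropy reaches target_bits."""
    return math.ceil(target_bits / per_glyph)


def random_passphrase(pool: str, target_bits: float) -> str:
    """Draw a passphrase from the OS CSPRNG, long enough for target_bits."""
    symbols = sorted(set(pool))
    length = glyphs_needed(target_bits, math.log2(len(symbols)))
    return "".join(secrets.choice(symbols) for _ in range(length))


if __name__ == "__main__":
    target = 128  # assumed strength goal, not a figure from the thread
    for name, pool in (("base-64", BASE64_POOL), ("16 unicode", SMALL_UNICODE_POOL)):
        per = bits_per_symbol(pool)
        print(f"{name}: {per:.2f} bits/glyph, {glyphs_needed(target, per)} glyphs")
        print("  sample:", random_passphrase(pool, target))
    print("English prose:", glyphs_needed(target, ENGLISH_BITS_PER_GLYPH), "glyphs")
```

The per-glyph figure depends on the size of the pool and on uniform random selection, not on how exotic the characters look: the 16-symbol Unicode pool yields fewer bits per glyph than plain base-64.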

