There is no limit on the length of a passphrase,

Chris De Young chd at
Wed Oct 22 19:28:22 CEST 2008

Morton D. Trace wrote:
> here are some random 20char ASCII pass phrases
> bash-3.00$ apg  -a  1  -M  S  -n  20  -m  20
> ^;@_*-<|./|;&/._;}.!
> ?<&!\+~&;[//.~_-!|+]


I do actually use some passphrases like this, though usually with more
letters and numbers in them (generated with gpg --gen-random -a for
the most part). I make no attempt to remember them; I keep them in an
application designed for the purpose (PasswordSafe).  Given that,
there's really no need to limit the length to 20 - since you're never
going to type it, you may as well use as long a password as your
application will accept.

The drawback to this is that if my password store is not available to
me then none of the passwords in it are either. I also have more
conventional passphrases that I can remember and type, since there are
always some things you're going to have to produce from memory, and
there may be some things you don't want to trust to permanent storage
at all. Pick the right tool for the job.

I find that randomly generated passwords work fine for 90+% of my
password needs though.  :-)


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 250 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20081022/b67e4aad/attachment.pgp>

More information about the Gnupg-users mailing list