[OT] passphrases Was: Re: Allowing paste into pinentry-gtk-2?

Robert J. Hansen rjh at sixdemonbag.org
Sun Apr 17 21:32:58 CEST 2011

> I thought that was the main reason for using a hash of the
> password/phrase as symmetric key, to usilize the whole keyspace.

English has about two bits of entropy per glyph, so a ten-character English passphrase will have about twenty bits of entropy regardless of what algorithm you use to hash it.  You can't make an insecure passphrase suddenly 256 bits of entropy strong by using SHA-256.  :)

More information about the Gnupg-users mailing list