maximum passphrase for symmetric encryption ?

Aaron Toponce aaron.toponce at
Wed Dec 28 00:27:00 CET 2011

There may be some errors in my reply, so if so, please notify me.

On Tue, Dec 27, 2011 at 11:23:50PM +0100, Jerome Baum wrote:
> On 2011-12-27 23:14, vedaal at wrote:
> > The approximate equivalent in brute force work is 20 diceware
> > words.
> > [ 7776^19 < 2^256 < 7776^20 ].
> >
> >  A string of 15 diceware words is often more than 64 characters.
> I can't tell for gpg specifically but it's not so much about
> "characters". It's about entropy. Natural language is redundant, and
> diceware uses words from natural language.

Yes, but each word in the diceware list contains about 12.9 bits of
entropy, due to the random nature of rolling a fair D6. So, for a
passphrase that is 20 diceware words, it contains roughly 258-bits of
entropy, as he identified.

It's easy to calculate entropy in a truly random environment:

    H = L*log2(N)

where 'H' is the entropy value in binary bits, 'L' is the length of the
message, 'log2()' is the log base-2 function, and 'N' is the possible
number of characters the system can have. The only time when this equation
becomes more complicated, is when predictable patterns, such as can be
found in human language, are found.

> So don't measure characters, your upper bound is entropy, so 20 diceware
> words apparently contain 256 bits of entropy (based on your numbers).
> That means any more than 20 words isn't going to add for the case of
> AES-256.

And this is the point, right here. A passphrase that has more binary bits
of entropy, than the containing system, won't provide you with any
additional benefit, or security. So, in the case with a 20 word, diceware
passphrase, provided that the RNG building the AES 256-bit environment is
truly random data, any additional entropy in the passphrase, won't buy you
any additional security in the encrypted data.

. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 519 bytes
Desc: Digital signature
URL: </pipermail/attachments/20111227/d1ed7075/attachment.pgp>

More information about the Gnupg-users mailing list