maximum passphrase for symmetric encryption ?

brian m. carlson sandals at
Wed Dec 28 02:36:56 CET 2011

On Tue, Dec 27, 2011 at 07:54:05PM -0500, vedaal at wrote:
> That's exactly my question.
> Does gnupg have a maximum string length for a passphrase, and 
> restrict itself to the entropy contained within that length?

Not to my knowledge.  OpenPGP does not specify a maximum string length
for a passphrase, and it's limited only to the amount of memory you
have, or in some cases 2^61 bytes (which is essentially unlimited).

> I tried symmetrically encrypting, using a string of 65 characters, 
> and it works, and requires exactly those 65 characters to decrypt. 
> (Substituting any other character for the 65th character does not 
> decrypt).

Yes.  When you use a passphrase to encrypt, the entire passphrase is
hashed, so if the input is at all different, the passphrase will be
rejected.  Most modern OpenPGP implementations repeatedly hash the
passphrase and use salt (8 bytes of random data stored with the
passphrase to make the hash unique even if you reuse the passphrase).
This makes brute-force attempts slower since more computation is

brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: </pipermail/attachments/20111228/9e99c80d/attachment.pgp>

More information about the Gnupg-users mailing list