Limit of maximum password length

Robert J. Hansen rjh at sixdemonbag.org
Sat Oct 27 07:03:10 CEST 2012


On 10/26/12 11:40 PM, jv at dodec.lt wrote:
> I'm not sure why, but there is a password length limit on 1.x
> version (even in the latest release), not sure why ?

There are always limits.  If you're on a system with 4Gb RAM, good luck
putting in a passphrase longer than 4 billion characters.  Admittedly,
1024 characters is much less than four billion, but the point gets made:
there's always a limit somewhere, and the existence of a limit doesn't
really mean very much.  :)

I suppose my question is, why do you think you need such a long
passphrase?  The passphrase is used to create a 128-bit symmetric key,
so giving a passphrase of more than 128 bits of entropy gives you
nothing.  At a rather low estimate of 1.5 bits of entropy per glyph of
English text, that means you only really need 85 characters to get the
maximum entropy.

"To stand divided light at ev'n and poise their eyes, / Or nourish,
lik'ning spiritual, I have thou appear" -- to take two random lines of
random poetry -- is 105 characters and at least 158 bits of entropy.
Plenty enough for any purpose.  :)




More information about the Gnupg-users mailing list