Limit of maximum password length

jv at jv at
Sat Oct 27 07:58:50 CEST 2012

Hey Robert,

thanks for quick reply!

Well, I knew that there is a limit somewhere, but you know, having a 
passphrase longer than 1024 and not longer lets say than 2048 chars 
should not be a limit on 2012, don't you think so ? :)

To answer to your question about why I need so long psw is simple, the 
paranoia :)

By the way, you mentioned "105 characters and at least 158 bits of 
entropy", how do you control entropy when generating password ? And is 
it safe to use external entropy generator, say like rng tools ?

On 10/27/2012 8:03 AM, Robert J. Hansen wrote:
> On 10/26/12 11:40 PM, jv at wrote:
>> I'm not sure why, but there is a password length limit on 1.x
>> version (even in the latest release), not sure why ?
> There are always limits.  If you're on a system with 4Gb RAM, good luck
> putting in a passphrase longer than 4 billion characters.  Admittedly,
> 1024 characters is much less than four billion, but the point gets made:
> there's always a limit somewhere, and the existence of a limit doesn't
> really mean very much.  :)
> I suppose my question is, why do you think you need such a long
> passphrase?  The passphrase is used to create a 128-bit symmetric key,
> so giving a passphrase of more than 128 bits of entropy gives you
> nothing.  At a rather low estimate of 1.5 bits of entropy per glyph of
> English text, that means you only really need 85 characters to get the
> maximum entropy.
> "To stand divided light at ev'n and poise their eyes, / Or nourish,
> lik'ning spiritual, I have thou appear" -- to take two random lines of
> random poetry -- is 105 characters and at least 158 bits of entropy.
> Plenty enough for any purpose.  :)
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at

More information about the Gnupg-users mailing list