Limit of maximum password length
jv at dodec.lt
jv at dodec.lt
Sat Oct 27 07:58:50 CEST 2012
thanks for quick reply!
Well, I knew that there is a limit somewhere, but you know, having a
passphrase longer than 1024 and not longer lets say than 2048 chars
should not be a limit on 2012, don't you think so ? :)
To answer to your question about why I need so long psw is simple, the
By the way, you mentioned "105 characters and at least 158 bits of
entropy", how do you control entropy when generating password ? And is
it safe to use external entropy generator, say like rng tools ?
On 10/27/2012 8:03 AM, Robert J. Hansen wrote:
> On 10/26/12 11:40 PM, jv at dodec.lt wrote:
>> I'm not sure why, but there is a password length limit on 1.x
>> version (even in the latest release), not sure why ?
> There are always limits. If you're on a system with 4Gb RAM, good luck
> putting in a passphrase longer than 4 billion characters. Admittedly,
> 1024 characters is much less than four billion, but the point gets made:
> there's always a limit somewhere, and the existence of a limit doesn't
> really mean very much. :)
> I suppose my question is, why do you think you need such a long
> passphrase? The passphrase is used to create a 128-bit symmetric key,
> so giving a passphrase of more than 128 bits of entropy gives you
> nothing. At a rather low estimate of 1.5 bits of entropy per glyph of
> English text, that means you only really need 85 characters to get the
> maximum entropy.
> "To stand divided light at ev'n and poise their eyes, / Or nourish,
> lik'ning spiritual, I have thou appear" -- to take two random lines of
> random poetry -- is 105 characters and at least 158 bits of entropy.
> Plenty enough for any purpose. :)
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
More information about the Gnupg-users