[PATCH] Allow the user to specify AES256 as well as AES128.
Robert J. Hansen
rjh at sixdemonbag.org
Wed May 22 14:06:41 CEST 2013
On 5/22/2013 5:19 AM, Werner Koch wrote:
> The weakest link we have in the key protection is the passphrase -
> virtually nobody is able to remember a passphrase with 128 bit entropy
> and 256 bit is well out of scope.
It isn't that we can't memorize passphrases with 128 bits of entropy:
it's that doing so is hard. I have five separate passphrases with 128
bits of entropy (16 bytes from /dev/urandom piped through a Base64
encoder) which I'm required to use for various reasons. Keeping track
of them all is difficult and the every-six-months password change policy
is enough to make me fume with anger, but... it's certainly *possible*.
Frustrating, though, definitely.
More information about the Gnupg-users