[PATCH] Allow the user to specify AES256 as well as AES128.

Robert J. Hansen rjh at sixdemonbag.org
Wed May 22 14:06:41 CEST 2013


On 5/22/2013 5:19 AM, Werner Koch wrote:
> The weakest link we have in the key protection is the passphrase -
> virtually nobody is able to remember a passphrase with 128 bit entropy
> and 256 bit is well out of scope.

It isn't that we can't memorize passphrases with 128 bits of entropy:
it's that doing so is hard.  I have five separate passphrases with 128
bits of entropy (16 bytes from /dev/urandom piped through a Base64
encoder) which I'm required to use for various reasons.  Keeping track
of them all is difficult and the every-six-months password change policy
is enough to make me fume with anger, but... it's certainly *possible*.

Frustrating, though, definitely.





More information about the Gnupg-users mailing list