Length for AES256 symmetric encryption passphrase?

René Puls rpuls at kcore.de
Fri Apr 4 18:57:08 CEST 2014

On Fri, 4 Apr 2014 10:48:26 -0400 Sam Gleske <sam.mxracer at gmail.com>
> > What would be the recommended length for
> > completely random characters generated, for example, by a password
> > manager such as keepassx?
> >
> To clarify and be more specific... if one were using the password as
> the symmetric key in the GPG software (libcrypt)?  Or perhaps even
> just using openssl tools?

I use this formula for my own random passwords:

L = Log(2^N) / Log(E)

L is the suggested length of the password
N is the key size in bits
E is the number of possible characters

For a mixed-case alphanumeric password, E is 62 (2*26 letters plus 10
digits). To create a random password equivalent in strength to a
128-bit key, you need Log(2^128) / Log(62) or about 22 characters. For
a 256-bit key, you need about 43 characters.

If you use a passphrase system like Diceware, take the number of
different words in the word list (7776 for standard Diceware) as E, and
the resulting L as the number of words in your passphrase. So using the
formula above, you need Log(2^128) / Log(7776) or about 10 words for a
128-bit key and about 20 words for a 256-bit key.

Of course, the way you generate, distribute, store, enter and verify
your passwords is probably far more important, so consider this formula
more like an upper bound on useful password lengths. :-)

René (not a mathematician or cryptographer)

More information about the Gnupg-users mailing list