Length for AES256 symmetric encryption passphrase?
Robert J. Hansen
rjh at sixdemonbag.org
Fri Apr 4 22:04:26 CEST 2014
> René (not a mathematician or cryptographer)
Looks good to me. My only correction is a notational one. Keyspaces
are normally expressed in bits of entropy, not in 2^N bits of entropy.
L = (3N) / (10 * log S)
... where 'L' is the length of the string in terms of its base
component, N is the desired entropy in bits, and S is the keyspace of
the string's base component. This avoids having to compute logarithms
base-2, since 3/10 is an astonishingly good approximation of two in
Plugging in the numbers for Diceware and a 256-bit key:
L = (3 * 256) / (10 * log 7776)
L = 768 / (10 * 3.89)
L = 768 / 38.9
L = 19.74
Round it up to 20 words and call it done.
This is simple enough that you can turn it into a snippet of
If anyone wants, I'd be happy to put up a passphrase length calculator.
And let me repeat, René, you got the math absolutely right. All I did
was clean it up a little bit to remove an obnoxious 2^godawful
More information about the Gnupg-users