Length for AES256 symmetric encryption passphrase?

Robert J. Hansen rjh at sixdemonbag.org
Fri Apr 4 22:04:26 CEST 2014

> René (not a mathematician or cryptographer)

Looks good to me.  My only correction is a notational one.  Keyspaces  
are normally expressed in bits of entropy, not in 2^N bits of entropy.  
  I'd suggest:

L = (3N) / (10 * log S)

... where 'L' is the length of the string in terms of its base  
component, N is the desired entropy in bits, and S is the keyspace of  
the string's base component.  This avoids having to compute logarithms  
base-2, since 3/10 is an astonishingly good approximation of two in  

Plugging in the numbers for Diceware and a 256-bit key:

L = (3 * 256) / (10 * log 7776)
L = 768 / (10 * 3.89)
L = 768 / 38.9
L = 19.74

Round it up to 20 words and call it done.

This is simple enough that you can turn it into a snippet of  
Javascript, a Python applet, or anything.  It's not much work at all.   
If anyone wants, I'd be happy to put up a passphrase length calculator.

And let me repeat, René, you got the math absolutely right.  All I did  
was clean it up a little bit to remove an obnoxious 2^godawful  
calculation.  :)

More information about the Gnupg-users mailing list