how to suppress new "insecure passphrase" warning

Phil Pennock gnupg-users at spodhuis.org
Thu Sep 17 17:56:14 CEST 2020


On 2020-09-16 at 15:03 -0700, Alan Bram via Gnupg-users wrote:
> I have been using gnupg for a few years now, with no change in the way I
> invoke it. Recently (I guess my package manager updated to a new version:
> 2.2.23) it started injecting a warning about "insecure passphrase" and
> suggesting that I ought to include a digit or special character.
> 
> I don't want to do that. I have a strong passphrase that was generated via
> Diceware. It's simply a few words made of plain letters; but it's long
> enough, and totally random. Stronger than a short, lame password that
> someone simply appends a "1" to.
> 
> Is there a way to suppress the annoying warning?

Set min-passphrase-nonalpha in ~/.gnupg/gpg-agent.conf -- the default is
1, but I think that you can set it to 0.

Also make sure that you haven't set check-passphrase-pattern to point to
a dictionary -- a common security pattern for 8-12 "random" character
passwords but unlikely to be helpful with a diceware approach.

There are other relevant options in the gpg-agent man-page in the area
around those options, worth reviewing.

-Phil
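A check for the two settings named in the reply above, as an added example that is not part of the original message: it reads a gpg-agent.conf and reports whether `min-passphrase-nonalpha` and `check-passphrase-pattern` would flag a letters-only passphrase. The function names are hypothetical, and the parsing rules (one option per line, `#` comment lines, last occurrence wins) are assumptions.

```shell
#!/bin/sh
# Added example: inspect gpg-agent.conf for the passphrase checks discussed above.
# Assumed file format: one option per line, '#' comment lines, last occurrence wins.

# agent_opt FILE OPTION DEFAULT -> prints the configured value, or DEFAULT if unset
agent_opt() {
    # A missing or unreadable file means every option is at its default.
    [ -r "$1" ] || { printf '%s\n' "$3"; return 0; }
    awk -v opt="$2" -v def="$3" '
        /^[ \t]*#/ { next }                      # skip comment lines
        $1 == opt  {
            val = $0
            sub(/^[ \t]*[^ \t]+[ \t]*/, "", val) # drop the option name, keep its argument
            seen = 1
        }
        END { print (seen ? val : def) }
    ' "$1"
}

# letters_only_ok FILE -> exit 0 when neither of the two checks named in the
# reply would flag a letters-only (Diceware-style) passphrase.
letters_only_ok() {
    # Default of 1 is the value stated in the reply.
    nonalpha=$(agent_opt "$1" min-passphrase-nonalpha 1)
    pattern=$(agent_opt "$1" check-passphrase-pattern "")
    [ "$nonalpha" = "0" ] && [ -z "$pattern" ]
}

conf="${GNUPGHOME:-$HOME/.gnupg}/gpg-agent.conf"
if letters_only_ok "$conf"; then
    echo "$conf: letters-only passphrases pass both checks"
else
    echo "$conf: min-passphrase-nonalpha=$(agent_opt "$conf" min-passphrase-nonalpha 1)" \
         "check-passphrase-pattern=$(agent_opt "$conf" check-passphrase-pattern '(unset)')"
fi
```

After editing the file, `gpgconf --reload gpg-agent` makes the running agent reread it.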


