Sven Radde wrote: > Hi! > > Matt Kinni schrieb: >> Everyone says it should be as long as possible (...) What do you think? > You might find this interesting read: > <http://www.schneier.com/blog/archives/2007/01/choosing_secure.html>
Interesting article, thanks for the link. :-) > > Also keep in mind that in order to attack your password, an attacker > would first have to access your secret keyring (unless you use GnuPg > for symmetric encryption). > > As to what I think personally, around 15 pretty random characters > would be quite enough for my threat model. I don't expect the NSA to > throw all their supercomputers at cracking my passphrase, though ;-) Don't you think that 8 characters is enough, especially in reference of the article mentioned above? I think one really important factor is that one haven't only one password. The ideal would be for every account a different password. For that to archive, IMHO, you need a system, which would give you the ability to remember those passwords. W. Canis
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
