Robert J. Hansen rjh at sixdemonbag.org wrote on Mon May 5 10:36:16 CEST 2008 :
>> Everyone says it should be as long as possible

> Not at all. At some point the passphrase becomes stronger than the
> symmetric encryption algorithm. Then it's time to stop.

so, assuming 95 keyboard possibilities
(excluding special characters, but including 'space' as a possibility)

[95^19 = (3.77)(10^37)] < [2^128 = (3.40)(10^38)] < [95^20 = (3.58)(10^39)]

and

[95^38 = (1.42)(10^75)] < [2^256 = (1.15)(10^77)] < [95^39 = (1.35)(10^77)]

(approximate estimations, truncating after 2 significant digits)

so, for the passphrase to be as secure as a 128 bit block cipher,
it needs to have 20 random keyboard characters

and for it to be as secure as a 128 bit cipher,
it needs to have 39 random keyboard characters

i don't know what the correction factor needs to be if someone uses non-random long passphrases of dictionary words, or a string acronym of memorable sentences

--btw

a nice way to include special characters, is to use equations or programming notation as part of the passphrase

example:

e=m(c^2)

(here we have a unique luxury :-)
the equation doesn't have to be *valid*, just *memorable*)

in crypto, RSA c = m^e mod n

so e=mc2 becomes:

e = m [(m^e)^2 mod n] = m [m^2e mod n] = [e = m^(2e+1) mod n]

(not being 'picky' about squaring the mod n in the nonsense equation :-))

many similar memorable nonsense equations as well as obfuscated perl one-liners, can be imagined by the geeky mind ;-)

vedaal
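The length comparison in the message above can be reproduced with exact integer arithmetic. The following is an added example, not part of the original post; it generalizes the 95-character case to other symbol sets, and it assumes every symbol is drawn independently and uniformly at random (it says nothing about non-random passphrases). The alphabet table, including the 7776-word list size, is constructed sample input.

```python
def min_symbols(alphabet_size: int, key_bits: int) -> int:
    """Smallest n such that alphabet_size**n >= 2**key_bits (exact integers)."""
    if alphabet_size < 2 or key_bits < 1:
        raise ValueError("need alphabet_size >= 2 and key_bits >= 1")
    target = 1 << key_bits
    n, space = 0, 1
    while space < target:
        space *= alphabet_size
        n += 1
    return n


def sci(value: int) -> str:
    """Truncate (not round) a large integer to 3 significant digits."""
    s = str(value)
    return f"{s[0]}.{s[1:3].ljust(2, '0')}e{len(s) - 1}"


# Constructed sample symbol sets; only the 95-character one is from the post.
ALPHABETS = {
    "95 keyboard characters": 95,
    "26 lowercase letters": 26,
    "words from a 7776-word list": 7776,
}


def report(key_sizes=(128, 256)):
    """Return (alphabet, key bits, symbols needed, space below, space reached)."""
    rows = []
    for name, size in ALPHABETS.items():
        for bits in key_sizes:
            n = min_symbols(size, bits)
            rows.append((name, bits, n, sci(size ** (n - 1)), sci(size ** n)))
    return rows


if __name__ == "__main__":
    for name, bits, n, below, reached in report():
        print(f"{name}: {n} symbols for a {bits}-bit key space "
              f"({below} < {sci(1 << bits)} <= {reached})")
```

For the 95-character set this gives 20 symbols against 2^128 and 39 against 2^256, matching the two inequalities in the message.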