On May 5, 2008, at 4:05 AM, Sven Radde wrote:
Hi!
Matt Kinni schrieb:
Everyone says it should be as long as possible (...) What do you
think?
You might find this interesting read: <http://www.schneier.com/blog/archives/2007/01/choosing_secure.html
>
That's a good article. See this also: <http://world.std.com/~reinhold/diceware.html
>. It gives a way of easily generating and (fairly) easily
remembering long passphrases.
Also keep in mind that in order to attack your password, an attacker
would first have to access your secret keyring (unless you use GnuPg
for symmetric encryption).
This is very true and very important. The passphrase is really the
protection of last resort, and only comes into play after the secret
key is already lost. Simply locking your front door gives a layer of
protection here, and there are many other ways to prevent access to a
secret key so the passphrase never even gets tested.
David
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
