-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear List readers!

http://www.gnupg.org/gph/en/manual/c14.html

GnuPG needs a pass phrase to protect the primary and subordinate private keys that you keep in your possession.

You need a Pass phrase to protect your private key.
Enter passphrase:

There is no limit on the length of a passphrase,

=== is this true?

Any file system always has a maximum file size. Even ZFS has that. A zettabyte cannot easily be neglected.

The total sum of all elementary particles in the entire universe (open or closed) also is estimated to have an upper limit. These are astronomical units, but they are limited.

===
How many elementary particles in the universe?

Our observable universe is approximately 30 Gigaparsecs across (or 95 billion light years). Using the equation for the volume of a sphere we can convert this into cubic centimeters, and get ~5x10^86 cc. Multiplying by the 500 particles per cc we found above (100 neutrinos and 400 photons) we finally get: 2.5 x 10^89 elementary particles in the visible universe.
===

So I feel safe if my pass phrase is approx one Gigaparsecond in size. Which exceeds the size of my monitor.

==> But this is not practical. Not even in Sci Fiction.

As an example for a nice 'n' cool trendy UTF-8 pass phrase:

認された範囲では防+A]9衛機9'XK/qH密を含Bm`1gむ情{oKp5報はないという。陸 自第13旅団司=WkU.E令部(広の幹/qH部自衛官作v)-Gb<れた+A]9た範囲c? VB9Bm`1g{oKH部自衛p5%zはないといa<l6Zj!g?団司令部(O<9'XK/qHc+'${KW`= WkU.ES,6q部自と^

That is a 160 character passphrase, which can be hidden in a secret html page.

bash-3.00$ ls -l passphrase_160-char-unicode.txt
- -rw-r--r-- 1 morten other 288 Oct 21 01:52 passphrase_160-char-unicode.txt
less passphrase_160-char-unicode.txt
"passphrase_160-char-unicode.txt" may be a binary file. See it anyway?
bash-3.00$

Since nothing is typed, a keylogger can have problems.

Will the security increase linearly with the length of a passphrase?

Can I even use another's public key as ctrl+v or paste from clipboard for the passphrase?

More than 255 chars? Since this is the weak point, how long can it in theory and practice really be? UTF-8, UTF-16 included?

I remember there was a discussion about it on the gnupg list, but I didn't notice or remember or recall the reply.

What to do if the pass phrase needs to be stronger than what can be practically typed? Save the passphrase in a file and decrypt from command line with the gpg --decrypt command.

田茂元首相の墓参りをした。ペットボトルに入った水を墓にかけて

displays as this

bash-3.00$ ls -l unicode_test_01.txt
- -rw-r--r-- 1 morten other 91 Oct 21 01:57 unicode_test_01.txt
bash-3.00$ less unicode_test_01.txt
"unicode_test_01.txt" may be a binary file. See it anyway?
bash-3.00$

Can this file be used as input from command line passphrase?

These passwords are recommended for wlan; will they also work for gpg?

https://www.grc.com/passwords.htm

Are they useful for a gnupg passphrase? Sufficiently random?

       --passphrase-file file
              Read the passphrase from file file. Only the first line will be read from file file. This can only be used if only one passphrase is supplied. Obviously, a passphrase stored in a file is of questionable security if other users can read this file. Don't use this option if you can avoid it.

- --passphrase-clipboard would be helpful. In the clipboard I can easily collect as many characters as any public key can contain.

like this

bash-3.00$ cat testpki-request.pem
bash-3.00$

or even pass phrase from a cryptocard reader.

If typed in on a Japanese keyboard, how many characters can it be at maximum? Unlimited?

160 characters would be the maximum I could recall and type as a passphrase. But a generated and manipulated random arbitrary certificate file would also be fine. If I can use the clipboard and circumvent any key logger that would be an advantage.

The clipboard is limited to my RAM of my video card. Practically two Gigabyte which gives 2 * 2^20 characters, if one char counts as one byte, as in ASCII.

Sincerely yours,

Morten Gulbrandsen
主バイトホイットフィールド
_____________________________________________________________________
Java programmer, C++ programmer
CAcert Assurer, GSWoT introducer, thawte Notary
Gossamer Spider Web of Trust http://www.gswot.org
Please consider the environment before printing this e-mail!

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (SunOS)
Comment: For keyID and its URL see the OpenPGP message header

iEYEARECAAYFAkj9OyQACgkQ9ymv2YGAKVQsxQCgvlpO6cZM5pT1lShh2KUOUzTP
p3cAoOGS0TGXA3WBB9a/AVgogHlC+lNG
=vEc2
-----END PGP SIGNATURE-----

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
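
An added example, not part of the original message and not GnuPG's own code: a sketch of the OpenPGP iterated-and-salted string-to-key function (RFC 4880, section 3.7.1.3), which reduces a passphrase of any byte length to a fixed-size symmetric key, together with a model of the first-line rule quoted above for --passphrase-file. It goes beyond the message in bounding passphrase strength by the key size; the salt, count byte, sample passphrases, 16-byte key and 95-symbol alphabet are constructed assumptions.

```python
import hashlib
import math

def decode_count(c: int) -> int:
    """Decode the one-byte S2K iteration count (RFC 4880, 3.7.1.3)."""
    return (16 + (c & 15)) << ((c >> 4) + 6)

def s2k_iterated_salted(passphrase: bytes, salt: bytes, coded_count: int,
                        key_len: int = 16, hash_name: str = "sha1") -> bytes:
    """Derive key_len bytes from a passphrase of any length."""
    if len(salt) != 8:
        raise ValueError("OpenPGP S2K salt is 8 bytes")
    unit = salt + passphrase
    # The whole salt+passphrase is always hashed at least once.
    total = max(decode_count(coded_count), len(unit))
    key, ctx_index = b"", 0
    while len(key) < key_len:
        # Extra contexts are preloaded with zero octets when the key
        # is longer than one hash output.
        h = hashlib.new(hash_name, b"\x00" * ctx_index)
        full, rest = divmod(total, len(unit))
        for _ in range(full):
            h.update(unit)
        h.update(unit[:rest])
        key += h.digest()
        ctx_index += 1
    return key[:key_len]

def first_line(file_bytes: bytes) -> bytes:
    """Model of the quoted --passphrase-file text: only the first line is used."""
    return file_bytes.split(b"\n", 1)[0]

def effective_bits(n_symbols: int, alphabet: int, key_bits: int = 128) -> float:
    """Guessing cost in bits for a uniformly random passphrase, capped by the key size."""
    return min(n_symbols * math.log2(alphabet), key_bits)

# Constructed sample values, not taken from the message.
SALT = bytes(range(8))
SHORT = "correct horse".encode("utf-8")
LONG = ("認" * 4000).encode("utf-8")  # 12000 UTF-8 bytes

if __name__ == "__main__":
    for p in (SHORT, LONG):
        k = s2k_iterated_salted(p, SALT, 96)
        print(len(p), "passphrase bytes ->", len(k), "key bytes", k.hex())
    print(first_line(b"line one\nline two\n"))
    for n in (10, 20, 160):
        print(n, "random printable-ASCII chars:", effective_bits(n, 95), "bits")
```

The derived key has the same size for the 13-byte and the 12000-byte input, so once the passphrase carries more randomness than the key, additional length adds nothing for an attacker who guesses the key directly.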