On 10/27/2012 1:58 AM, j...@dodec.lt wrote:
> Well, I knew that there is a limit somewhere, but you know, having a
> passphrase longer than 1024 and not longer lets say than 2048 chars
> should not be a limit on 2012, don't you think so ? :)

No, I don't. I think that using passphrases longer than about 80 characters shows you don't understand the problem. :)

> To answer to your question about why I need so long psw is simple, the
> paranoia :)

A 1024-character passphrase is so long I doubt you could memorize it (unless you were to use the full text of some well-known poem, and in that case it would be a poor passphrase). That means you've got it on a file somewhere and enter it via cut-and-paste. That means instead of safeguarding just your private key, you now need to safeguard your private key, the file that contains your passphrase, and the OS calls that implement C&P functionality.

This is a much, much weaker system than if you were to use a "normal" passphrase. Being too paranoid is just as bad, and maybe even worse, than not being paranoid enough.

> By the way, you mentioned "105 characters and at least 158 bits of
> entropy", how do you control entropy when generating password ? And is
> it safe to use external entropy generator, say like rng tools ?

You control the entropy by coming to an informed estimate of how much entropy is present per glyph of text. Claude Shannon and others did groundbreaking work in this field, and came up with numbers generally falling around 2 bits per glyph. Subtracting a bit to be on the side of safety gives us 1.5 bits per glyph.

Alternately, you can do something like this:

===
rjh@flynn:~$ gpg --armor --gen-random 2 16
5FNsIpmx8UYa8lz/qWYEag==
===

That "5FNsIpmx..." is an example of a 128-bit passphrase. That's the gold standard for passphrases.

I'm not going to comment on external entropy generators. I don't know your particular situation, and that means I can't tell you what makes sense for your particular needs. Telling you a 1024+-character passphrase doesn't make sense for your needs is one thing -- telling you what makes sense for your needs is something else altogether.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
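
The two approaches from the message above, side by side, as an added example that is not part of the original post: a per-glyph estimate for natural-language passphrases at the 1.5 bits per glyph figure, and a random passphrase shaped like the output of `gpg --armor --gen-random 2 16`. Assumptions: the function names are hypothetical, and Python's `secrets` module stands in for GnuPG's random generator.

```python
import base64
import math
import secrets

# Per-glyph estimate used in the message above for natural-language text.
BITS_PER_GLYPH_TEXT = 1.5


def text_entropy_bits(n_glyphs, bits_per_glyph=BITS_PER_GLYPH_TEXT):
    """Estimated entropy (in bits) of an n-glyph natural-language passphrase."""
    return n_glyphs * bits_per_glyph


def glyphs_needed(target_bits, bits_per_glyph=BITS_PER_GLYPH_TEXT):
    """Shortest natural-language passphrase whose estimate reaches target_bits."""
    return math.ceil(target_bits / bits_per_glyph)


def random_passphrase(n_bytes=16):
    """Base64 of n_bytes from the OS CSPRNG; returns (passphrase, entropy_bits).

    Same output shape as `gpg --armor --gen-random 2 16`, but drawn from
    Python's secrets module rather than GnuPG's generator (assumption).
    """
    raw = secrets.token_bytes(n_bytes)
    return base64.b64encode(raw).decode("ascii"), 8 * n_bytes


def compare(target_bits=128):
    """Length of a text passphrase versus a random one at the same strength."""
    phrase, bits = random_passphrase(math.ceil(target_bits / 8))
    return {
        "target_bits": target_bits,
        "text_glyphs": glyphs_needed(target_bits),
        "random_chars": len(phrase),
        "random_bits": bits,
    }


if __name__ == "__main__":
    print(compare(128))
    print("105 glyphs of text  ~", text_entropy_bits(105), "bits")
    print("1024 glyphs of text ~", text_entropy_bits(1024), "bits")
```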