Control: forwarded 840687 https://bugs.gnupg.org/gnupg/issue2758
Control: retitle 840687 gpg does not cope well with long passphrases

On Fri 2016-10-14 03:29:34 -0400, Josef Vítů wrote:

> thanks for your prompt reply. The test setup worked just fine, but
> after debugging gpg-agent as you suggested (with a higher debug-level,
> though) I know where the problem is. Attaching the log is pointless I
> think, as the critical line is clearly here:
>
> DBG: chan_10 -> SETERROR Passphrase too long (try 2 of 3)
>
> Looks like pinentry cannot handle passwords longer than 255 ASCII
> characters (at least in my case), and there's even an abandoned bug
> report about that, so maybe I should move there?
>
> https://bugs.gnupg.org/gnupg/issue1592

ah yes, sounds like you've found the issue.  I'm retitling this bug
report, because gpg should at least tell you that it doesn't like the
length of your passphrases, rather than leaving it to fail mysteriously.

there's also:

   https://bugs.gnupg.org/gnupg/issue2038

I've also just done some additional experimentation with ultra-long
passphrases and the result is this additional upstream bug report:

   https://bugs.gnupg.org/gnupg/issue2758

fwiw, I don't think you should need more than 128 characters or so for a
really strong passphrase (plain English is about 1 bit of entropy per
character, and passphrases longer than 128 bits of entropy are probably
pointless), and gpg's limits are supposed to be ~256 characters.

But still, gpg should make those limits much more clear to the user.

    --dkg
