Package: gpg-agent Version: 2.2.27-2 Severity: minor Tags: upstream When I type a passphrase with only letters and spaces, I get
A passphrase should contain at least 1 digit or special character. probably because the default --min-passphrase-nonalpha value is 1. On a long passphrase, this doesn't add any security (in particular, adding one random letter provides more possibilities than a random digits) and this is against NIST rules https://pages.nist.gov/800-63-3/sp800-63b.html#memsecretver "Verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different character types or prohibiting consecutively repeated characters) for memorized secrets." -- System Information: Debian Release: 11.0 APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'testing-security'), (500, 'stable-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 5.10.0-6-amd64 (SMP w/8 CPU threads) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=POSIX, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages gpg-agent depends on: ii gpgconf 2.2.27-2 ii init-system-helpers 1.60 ii libassuan0 2.5.4-1 ii libc6 2.31-11 ii libgcrypt20 1.8.7-3 ii libgpg-error0 1.38-2 ii libnpth0 1.6-3 ii pinentry-curses [pinentry] 1.1.0-4 ii pinentry-gtk2 [pinentry] 1.1.0-4 Versions of packages gpg-agent recommends: ii gnupg 2.2.27-2 Versions of packages gpg-agent suggests: ii dbus-user-session 1.12.20-2 ii libpam-systemd 247.3-5 pn pinentry-gnome3 <none> pn scdaemon <none> -- no debconf information -- Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/> 100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/> Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)