Gabriele Alberti wrote on Wed Feb 1 22:54:42 CET 2006: ] i have this paranoia since some time though.. If i use _symmetric_ cyphers (lets say a 256 bit) how long my password has to be? Keeping in mind my password can be composed with all 95 writeable ascii chars, using for example a 15 chars password gives me a "password space" of 95^15, that is 463291230159753366058349609375 passwords..*much* smaller than the 256 bit keyspace (2^256,
2^256 ~= 1.1579 x 10^77 diceware ( http://world.std.com/~reinhold/diceware.html ) uses words for the passphrase and is much easier to remember (but much harder to type when you don't see the passphrase as you are typing it in ;-) ) there are 7776 diceware words, 7776^20 ~= 6.5331 x 10^77 > 2^256 so it would need 20 diceware words to get a passphrase that would be as difficult to break, as brute forcing the keyspace of the symmetrical cipher *but* in gnupg, unless you _actively_ choose otherwise, by using the option of 's2k-cipher algo twofish' or 's2k-cipher algo aes256' your secret key is, by default, encrypted with CAST5 which is only 128 bit vedaal Concerned about your privacy? Instantly send FREE secure email, no account required http://www.hushmail.com/send?l=480 Get the best prices on SSL certificates from Hushmail https://www.hushssl.com?l=485 _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
