Faramir wrote:
> IIRC, once I saw somebody saying 128 bits is more than enough for a
> good passphrase. And that beyond that length, there was no real strength
> gains... But maybe I am not recalling it correctly...

This is something you've heard from a lot of people, probably, myself included. 128 bits is enough until we get some science fiction breakthroughs.

Of course, the trick there is 128 bits _of entropy_, not 128 bits _of passphrase_. Conservatively speaking, there are probably about 1.5 bits of entropy per letter of English text, meaning you'd need about an 80-char English passphrase to max it out. Introducing alphanumeric characters, punctuation and the like will reduce this considerably.

> Anyway, bruteforcing an 8 characters long SHA1 password, in a home
> computer, would take months... even using several home computers to

Think 'centuries.' The RC5/64 project brute-forced a 64-bit cipher using 18 months and a very large distributed computing system.
