On Tue, Dec 27, 2011 at 07:54:05PM -0500, ved...@nym.hush.com wrote: > That's exactly my question. > Does gnupg have a maximum string length for a passphrase, and > restrict itself to the entropy contained within that length?
Not to my knowledge. OpenPGP does not specify a maximum string length for a passphrase, and it's limited only to the amount of memory you have, or in some cases 2^61 bytes (which is essentially unlimited). > I tried symmetrically encrypting, using a string of 65 characters, > and it works, and requires exactly those 65 characters to decrypt. > (Substituting any other character for the 65th character does not > decrypt). Yes. When you use a passphrase to encrypt, the entire passphrase is hashed, so if the input is at all different, the passphrase will be rejected. Most modern OpenPGP implementations repeatedly hash the passphrase and use salt (8 bytes of random data stored with the passphrase to make the hash unique even if you reuse the passphrase). This makes brute-force attempts slower since more computation is required. -- brian m. carlson / brian with sandals: Houston, Texas, US +1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
signature.asc
Description: Digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users