On 2020-09-16 at 15:03 -0700, Alan Bram via Gnupg-users wrote: > I have been using gnupg for a few years now, with no change in the way I > invoke it. Recently (I guess my package manager updated to a new version: > 2.2.23) it started injecting a warning about "insecure passphrase" and > suggesting that I ought to include a digit or special character. > > I don't want to do that. I have a strong passphrase that was generated via > Diceware. It's simply a few words made of plain letters; but it's long > enough, and totally random. Stronger than a short, lame password that > someone simply appends a "1" to. > > Is there a way to suppress the annoying warning?
Set min-passphrase-nonalpha in ~/.gnupg/gpg-agent.conf -- the default is 1, but I think that you can set it to 0. Also make sure that you haven't set check-passphrase-pattern to point to a dictionary -- a common security pattern for 8-12 "random" character passwords but unlikely to be helpful with a diceware approach. There are other relevant options in the gpg-agent man-page in the area around those options, worth reviewing. -Phil _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
