Erle Greer wrote:

| f4VnI1G1mGcwTZ1vGoyPwN4NLojF8Ee9ff1aicOGn87x0nwwHhJUo6XSYKEawRne
| (Yes, cut-n-paste, but my only in-house threat is my wife.)
|
| Actual Question:
| Does the length and randomness of a passphrase contribute at all
| to the overall security of a cryptosystem?

Not directly. The SECRECY of a passphrase does contribute. If you do not provide it to your attacker (in the form of a file on your computer which a Microsoft Worm macro carried in a message might send out, that the search party might find, etc.), then the length and difficulty of guessing protect you.

For random text (I'll assume you're rolling dice) like that, figure you get about 5 bits of entropy per character. Your PGP secret key is IDEA encrypted with a 128 bit key, so you don't need any more than 30 characters of random text to get a passphrase space (or universe, to use Tim's metaphor) that's harder to search than the keyspace.

I think it's a poor assumption that your home won't be searched if you're doing something that makes you want a 2048 bit key. A thousand bits of keylength should be good enough for most things that don't need to stay secret more than 5-10 years.

Adam

--
"It is seldom that liberty of any kind is lost all at once."
-Hume
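
The dice-and-entropy arithmetic from the reply, as an added example that is not part of the original message: it turns pairs of six-sided dice rolls into characters worth exactly 5 bits each and computes how many are needed to cover a 128-bit key. The 32-symbol alphabet, the function names and the use of `secrets` as a stand-in for physical dice are assumptions made for the illustration.

```python
import math
import secrets

# Assumed 32-symbol alphabet (not from the message): 32 = 2**5, so each
# uniformly chosen character carries exactly 5 bits. l, o, 0, 1 are omitted.
ALPHABET = "abcdefghijkmnpqrstuvwxyz23456789"
assert len(ALPHABET) == 32


def chars_needed(key_bits, alphabet_size):
    """Shortest random passphrase whose search space is at least 2**key_bits."""
    return math.ceil(key_bits / math.log2(alphabet_size))


def dice_to_passphrase(rolls):
    """Map pairs of d6 rolls (values 1..6) to ALPHABET characters.

    A pair gives 36 equally likely outcomes; the last 4 are discarded
    (rejection sampling) so the 32 that remain map uniformly.
    A trailing unpaired roll is ignored.
    """
    out = []
    for first, second in zip(rolls[0::2], rolls[1::2]):
        if not (1 <= first <= 6 and 1 <= second <= 6):
            raise ValueError("die rolls must be in 1..6")
        value = (first - 1) * 6 + (second - 1)   # 0..35
        if value < len(ALPHABET):                 # reject 32..35
            out.append(ALPHABET[value])
    return "".join(out)


def generate(key_bits=128):
    """Roll simulated dice until the passphrase covers key_bits."""
    target = chars_needed(key_bits, len(ALPHABET))
    phrase = ""
    while len(phrase) < target:
        # secrets stands in for physical dice here (assumption).
        pair = [secrets.randbelow(6) + 1, secrets.randbelow(6) + 1]
        phrase += dice_to_passphrase(pair)
    return phrase


if __name__ == "__main__":
    print(chars_needed(128, 32), "characters at 5 bits each cover a 128-bit key")
    print(generate())
```

At 5 bits per character, 26 characters already reach 128 bits, which sits inside the 30-character figure given in the reply.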