From: IN%"stewarts@ix.netcom.com" "Bill Stewart" 22-FEB-1997 03:05:51.28
At 04:21 PM 2/21/97 -0500, Alec wrote:
Is the strength, or lack thereof, of conventional PGP encryption proportional to the length of the conventional password?
Sure, up to 128 bits of entropy. Go check out pgpcrack.
Another way to put it is that the length places a _maximum_ on the entropy; no more than 7 bits (unless PGP's interface can deal with control/etcetera keys) minus a fractional bit (for characters like delete) per character. Of course, simply expanding a passphrase of "a" to "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" won't do you much good... but most non-pathological passphrases will expand in entropy as they expand in length. (There is the consideration, however, that a lengthy passphrase may need to be in alphabetical characters, as opposed to alphanumeric, due to human memory limitations. If you didn't/don't have that, then even a completely random over-19-character long passphrase (enough to be more than 128 effective bits going in) could be of assistance; greater length makes it more likely that someone observing you will miss enough of the passphrase to make a search impractical.)

-Allen
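
The arithmetic behind the message above, as an added example that is not part of the original thread: it computes the per-length upper bound on passphrase entropy, the length at which each alphabet reaches the 128-bit cap, and how the chance of a partial observation leaving an impractical search grows with length. The alphabet sizes, the 64-bit threshold and the independent-miss observer model are assumptions chosen for illustration.

```python
import math

KEY_BITS = 128  # cap on useful entropy named in the thread

# Alphabet sizes are assumptions for illustration; the post itself only
# mentions 7-bit characters and alphabetical vs. alphanumeric passphrases.
ALPHABETS = {"7-bit": 128, "alphanumeric": 62, "alphabetical": 26}


def max_entropy_bits(length, alphabet_size):
    """Upper bound: reached only if every character is uniformly random."""
    return length * math.log2(alphabet_size)


def effective_bits(length, alphabet_size):
    """Entropy that can actually reach the cipher key (capped at KEY_BITS)."""
    return min(max_entropy_bits(length, alphabet_size), KEY_BITS)


def min_length_for(bits, alphabet_size):
    """Fewest uniformly random characters whose bound reaches `bits`."""
    return math.ceil(bits / math.log2(alphabet_size))


def prob_search_impractical(length, alphabet_size, miss_prob, threshold_bits):
    """Chance an observer misses enough characters to leave >= threshold_bits.

    Assumed model (not from the post): each character is missed independently
    with probability miss_prob, and the observer knows which ones were missed.
    """
    need = min_length_for(threshold_bits, alphabet_size)
    return sum(
        math.comb(length, k) * miss_prob**k * (1 - miss_prob) ** (length - k)
        for k in range(need, length + 1)
    )


if __name__ == "__main__":
    for name, size in ALPHABETS.items():
        print(f"{name:13s} needs {min_length_for(KEY_BITS, size)} random chars")
    for n in (20, 30, 40):
        p = prob_search_impractical(n, 26, 0.5, 64)
        print(f"{n} letters, each missed with p=0.5: P(>=64 bits left) = {p:.3f}")
```

These figures are ceilings that hold only for uniformly random characters; a repeated-character passphrase like the one in the message sits far below them at any length.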