The last standard the United States Navy used before it migrated to smartcards was 16 characters with at least two digits, at least two upper-case, at least two lower-case, and at least two special characters. A slight improvement on that would have been to ensure the pass phrase started and ended with a letter.
On Mon, 24 Jun 2019, Manuel Reimer wrote:
Date: Mon, 24 Jun 2019 11:02:57
From: Manuel Reimer <mail+archgeneral@m-reimer.de>
Reply-To: General Discussion about Arch Linux <arch-general@archlinux.org>
To: arch-general@archlinux.org
Subject: [arch-general] How long do you make the passphrase for the private key?
Hello,
I want to publish a package repository with some packages that I need and only want to build once for all my systems.
I want to make the packages available for general use. I have server space for that so I only have to rsync my final repo to my server after compiling my packages.
I have my autobuild set up and signing seems to work, too.
For convenience, I decided to make the passphrase not too long.
I have 10 characters with both alphanumeric and "special characters".
I think if the passphrase is meant to be uncrackable alone, then we wouldn't need the big private key file, right?
Is my passphrase long enough? What do the trusted users think about this topic?
Thanks in advance
Manuel
--