[arch-general] How long do you make the passphrase for the private key?

Jude DaShiell jdashiel at panix.com
Mon Jun 24 15:45:10 UTC 2019

The last standard the United States Navy used before it migrated to
smartcards was 16 characters with at least two digits; at least two
upper-case, at least two lower-case, and at least two special
characters.  A slight improvement on that would have been to insure the
pass phrase started and ended with a letter.

On Mon, 24 Jun 2019, Manuel Reimer wrote:

> Date: Mon, 24 Jun 2019 11:02:57
> From: Manuel Reimer <mail+archgeneral at m-reimer.de>
> Reply-To: General Discussion about Arch Linux <arch-general at archlinux.org>
> To: arch-general at archlinux.org
> Subject: [arch-general] How long do you make the passphrase for the private
>     key?
> Hello,
> I want to publish a package repository with some packages that I need and only
> want to build once for all my systems.
> I want to make the packages available for general use. I have server space for
> that so I only have to rsync my final repo to my server after compiling my
> packages.
> I have my autobuild set up and signing seems to work, too.
> For convenience, I decided to make the passphrase not too long.
> I have 10 characters with both, alphanumeric and "special characters".
> I think if the passphrase is meant to be uncrackable alone, then we wouldn't
> need the big private key file, right?
> Is my passphrase long enough? What do the trusted users think about this
> topic?
> Thanks in advance
> Manuel


More information about the arch-general mailing list