The passphrase FAQ

A passphrase is a sentence or phrase used instead of a single password. Because of its length, a passphrase is more secure than a password. Because it is a phrase, it is still easy to remember.

By IT-lawyer Arnoud Engelfriet.

This document answers frequently asked questions about passphrases. A passphrase is basically a sentence or phrase that serves as a more secure password. A typical password is 6 to 8 characters long and is often a word found in a dictionary. That is very unsafe. A passphrase could be a complete sentence, preferably a nonsensical one. Such a sentence would be much harder to guess.

MD5 and IDEA are based on 128-bit blocks. It should be trivial to change to a 56-bit DES key or keys of other sizes. Passwords differ from passphrases in length. The same ideas will work for analyzing your password or passphrase.

This is version 1.06a, 13 January 1997 (but still accurate - it's maths, after all.)

List of questions

About this FAQ

Getting started

Practical questions

Strength of the passphrase

Passphrase attackers

PGP and passphrases