The last standard the United States Navy used before it migrated to smartcards was 16 characters with at least two digits; at least two upper-case, at least two lower-case, and at least two special characters. A slight improvement on that would have been to insure the pass phrase started and ended with a letter.
On Mon, 24 Jun 2019, Manuel Reimer wrote: > Date: Mon, 24 Jun 2019 11:02:57 > From: Manuel Reimer <mail+archgene...@m-reimer.de> > Reply-To: General Discussion about Arch Linux <arch-general@archlinux.org> > To: arch-general@archlinux.org > Subject: [arch-general] How long do you make the passphrase for the private > key? > > Hello, > > I want to publish a package repository with some packages that I need and only > want to build once for all my systems. > > I want to make the packages available for general use. I have server space for > that so I only have to rsync my final repo to my server after compiling my > packages. > > I have my autobuild set up and signing seems to work, too. > > For convenience, I decided to make the passphrase not too long. > > I have 10 characters with both, alphanumeric and "special characters". > > I think if the passphrase is meant to be uncrackable alone, then we wouldn't > need the big private key file, right? > > Is my passphrase long enough? What do the trusted users think about this > topic? > > Thanks in advance > > Manuel > > --
