Length for AES256 symmetric encryption passphrase?

[Robert J. Hansen]

> To be clear, I want to use gnupgp to do symmetric encryption using  
> AES256.  As I understand it, the 'gpg -symmetric ...' command  
> converts a pass phrase into a key, a 32 byte key in the case of  
> AES256.

Correct!

> I /assume/ that this conversion is 'deterministic'  since as far as  
> I can tell, the 'gpg -symmetric ...' does not store the key it  
> generates. Correct me if I'm wrong.

Again, correct!

> I am trying to decide how long a pass phrase to use.  I have not  
> decided how to generate the pass phrase.  Assume that it is  
> pseudo-randomly chosen from the an english language character set.

Then this becomes pretty straightforward.  :)  Let's say you use the  
upper- and lower-case letters, the digits 0 through 9, as well as the  
'+' and '/' marks.  This character set is commonly called 'base64',  
since there are 64 symbols in the set.

Using the equation René provided and I polished a bit, you have:



       3 * 256    <-- 256: size of the key in bits
L = -----------
     10 * log 64  <--  64: how many letters are in your set



... 43 characters.

A quick back-of-the-envelope calculation confirms this to be the case.  
  base64 is known to have six bits of entropy per character.  6 * 43 =  
258 bits.  At 43 characters you're providing GnuPG with 258 bits of  
entropy to use in creating a 256-bit symmetric key.