hi Rogier,
in the following I show you a way to find answers yourself to these kinds of questions using the links provided by GPGTools.
in Mail -> Preferences -> GPGMail Tab -> click on "Knowledge Base"
search for "Passphrase"; one of the results is the answer to "What is a passphrase?":
What is a passphrase?
Most people are familiar with restricting access to computer systems via a password, which is a unique string of characters that a user types in as an identification code.
A passphrase is a longer version of a password, and in theory, a more secure one. Typically composed of multiple words, a passphrase is more secure against standard dictionary attacks, wherein the attacker tries all the words in the dictionary in an attempt to determine your password. The best passphrases are relatively long and complex and contain a combination of upper and lowercase letters, numeric and punctuation characters.
OpenPGP uses a passphrase to encrypt your private key on your machine. Your private key is encrypted on your disk using a hash of your passphrase as the secret key. You use the passphrase to decrypt and use your private key. A passphrase should be hard for you to forget and difficult for others to guess. It should be something already firmly embedded in your long-term memory, rather than something you make up from scratch. Why? Because if you forget your passphrase, you are out of luck. Your private key is totally and absolutely useless without your passphrase and nothing can be done about it. Remember the quote earlier in this chapter? OpenPGP is cryptography that will keep major governments out of your files. It will certainly keep you out of your files, too. Keep that in mind when you decide to change your passphrase to the punchline of that joke you can never quite remember.
search for "Password"; one of the results is "Password management":
It is too long to paste here so here's the URL:
Hope this helps,
kind regards
Thomas_U
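The Knowledge Base excerpt above says the private key is encrypted on disk with a key derived from the passphrase, and that a stronger passphrase resists dictionary attacks. The following is an added example, not part of the original message and not GPGTools or GnuPG code, that shows both points with standard-library Python. The string-to-key derivation follows RFC 4880 section 3.7.1.3 (iterated and salted S2K, including the one-octet coded count); the cipher step is a hash-based keystream standing in for the AES-CFB OpenPGP actually uses, and the SHA-1 trailer mirrors the checksum OpenPGP stores so a wrong passphrase is detected. All names, the sample "key material" and the word list are constructed for the example.

```python
"""Passphrase protection of a private key, OpenPGP style (constructed example)."""
import hashlib
import secrets
from typing import Dict, List, Optional


def s2k_decode_count(coded: int) -> int:
    """RFC 4880 3.7.1.3: decode the one-octet coded count into octets to hash.
    0x00 -> 1024, 0xFF -> 65011712 (the largest value the encoding allows)."""
    return (16 + (coded & 15)) << ((coded >> 4) + 6)


def s2k_iterated_salted(passphrase: bytes, salt: bytes, coded_count: int,
                        key_len: int = 32, hash_name: str = "sha256") -> bytes:
    """Iterated+salted S2K: hash the stream (salt || passphrase) repeated
    until `count` octets have been consumed.  If more output than one digest
    is needed, extra contexts are preloaded with one more zero octet each."""
    assert len(salt) == 8, "OpenPGP S2K salt is 8 octets"
    block = salt + passphrase
    # RFC 4880: never hash less than one full salt+passphrase block.
    count = max(s2k_decode_count(coded_count), len(block))
    # Feed the hash in large buffers that are whole multiples of the block,
    # so any prefix taken at the end is still the correct continuation.
    buf = block * max(1, 65536 // len(block))
    digest_len = hashlib.new(hash_name).digest_size
    out = b""
    for ctx_index in range((key_len + digest_len - 1) // digest_len):
        h = hashlib.new(hash_name)
        h.update(b"\x00" * ctx_index)
        remaining = count
        while remaining > 0:
            chunk = buf[:min(remaining, len(buf))]
            h.update(chunk)
            remaining -= len(chunk)
        out += h.digest()
    return out[:key_len]


def _keystream_xor(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Stand-in cipher (NOT OpenPGP's AES-CFB): SHA-256 counter-mode keystream
    XORed into the data.  Symmetric, so one function encrypts and decrypts."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + iv + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def protect_private_key(secret: bytes, passphrase: str,
                        coded_count: int = 0xE0) -> Dict[str, object]:
    """Encrypt key material under a passphrase-derived key, with a SHA-1
    trailer over the plaintext (as OpenPGP stores, RFC 4880 5.5.3) so that
    an unlock attempt can tell a wrong passphrase from a right one."""
    salt = secrets.token_bytes(8)
    iv = secrets.token_bytes(16)
    key = s2k_iterated_salted(passphrase.encode("utf-8"), salt, coded_count)
    plaintext = secret + hashlib.sha1(secret).digest()
    return {"salt": salt, "iv": iv, "count": coded_count,
            "ciphertext": _keystream_xor(key, iv, plaintext)}


def unlock_private_key(blob: Dict[str, object], passphrase: str) -> Optional[bytes]:
    """Return the key material, or None when the passphrase is wrong.
    There is no recovery path: without the passphrase the blob is noise."""
    key = s2k_iterated_salted(passphrase.encode("utf-8"), blob["salt"], blob["count"])
    plain = _keystream_xor(key, blob["iv"], blob["ciphertext"])
    secret, check = plain[:-20], plain[-20:]
    if hashlib.sha1(secret).digest() != check:
        return None
    return secret


def dictionary_attack(blob: Dict[str, object], wordlist: List[str]) -> Optional[str]:
    """The attack the Knowledge Base text describes: try every candidate.
    Each guess costs a full S2K derivation, which is what the count buys."""
    for candidate in wordlist:
        if unlock_private_key(blob, candidate) is not None:
            return candidate
    return None


if __name__ == "__main__":
    material = b"constructed private key material"  # not a real key
    weak = protect_private_key(material, "password", coded_count=0x60)
    strong = protect_private_key(material, "correct horse battery staple", coded_count=0x60)
    words = ["123456", "qwerty", "password", "letmein"]
    print("weak passphrase found by wordlist:", dictionary_attack(weak, words))
    print("multi-word passphrase found by wordlist:", dictionary_attack(strong, words))
    print("wrong passphrase unlocks anything:", unlock_private_key(strong, "wrong") is not None)
```

The coded count 0xE0 in `protect_private_key` hashes 16 MiB per derivation; the `__main__` demo uses 0x60 (64 KiB) only to keep the run short. A higher count does nothing against a guessed passphrase, it just makes each guess cost more, which is why the excerpt insists on length and unpredictability first.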