Entropy in ascii-armored output?
Chris De Young
chd at chud.net
Sat Jul 30 00:59:16 CEST 2005
Some people have started to suggest that actually writing down passwords, if
they're kept in a secure place, might not be a bad idea; the rationale is that
passwords which can be considered "good" are reaching the point of being
Assuming for the moment that this is the case (whether it really is or not isn't
clear, I think), it seems that copying some arbitrary chunk out of the middle of
some GPG encryption output (with -a, e.g. "QhRuM+W4xC9qnPvn") might be a good
source of password material.
It's random-looking to the untrained eye, but how random is it really? It
occurred to me that the ascii-armoring process might introduce weaknesses that
aren't obvious, but I don't follow the guts of the process well enough to be sure.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 256 bytes
Desc: OpenPGP digital signature
Url : /pipermail/attachments/20050729/c6a1a6cf/signature.pgp
More information about the Gnupg-users