Entropy in ascii-armored output?

Chris De Young chd at chud.net
Sat Jul 30 00:59:16 CEST 2005


Some people have started to suggest that actually writing down passwords, if
they're kept in a secure place, might not be a bad idea; the rationale is that
passwords which can be considered "good" are reaching the point of being

Assuming for the moment that this is the case (whether it really is or not isn't
clear, I think), it seems that copying some arbitrary chunk out of the middle of
some GPG encryption output (with -a, e.g. "QhRuM+W4xC9qnPvn") might be a good
source of password material.

It's random-looking to the untrained eye, but how random is it really?  It
occurred to me that the ascii-armoring process might introduce weaknesses that
aren't obvious, but I don't follow the guts of the process well enough to be sure.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 256 bytes
Desc: OpenPGP digital signature
Url : /pipermail/attachments/20050729/c6a1a6cf/signature.pgp

More information about the Gnupg-users mailing list