Entropy in ascii-armored output?

Chris De Young chd at chud.net
Sat Jul 30 00:59:16 CEST 2005


Hi,

Some people have started to suggest that actually writing down passwords, if
they're kept in a secure place, might not be a bad idea; the rationale is that
passwords which can be considered "good" are reaching the point of being
un-memorizable.

Assuming for the moment that this is the case (whether it really is or not isn't
clear, I think), it seems that copying some arbitrary chunk out of the middle of
some GPG encryption output (with -a, e.g. "QhRuM+W4xC9qnPvn") might be a good
source of password material.

It's random-looking to the untrained eye, but how random is it really?  It
occurred to me that the ascii-armoring process might introduce weaknesses that
aren't obvious, but I don't follow the guts of the process well enough to be sure.

Thanks!
-C
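
Added example, not part of the original post and not GnuPG code: a sketch of what the armoring step does to the bytes it is given, showing that radix-64 is a fixed, reversible mapping of 6 bits per character and which armor lines are framing rather than data. The sample message is constructed (a SHA-256 counter stream standing in for ciphertext, wrapped in armor framing), and all function names are hypothetical; it assumes the underlying bytes are uniformly random, which the packet headers at the start of a real message are not.

```python
import base64, hashlib, math, string
from collections import Counter

# Radix-64 alphabet used by OpenPGP ASCII armor (same as base64).
ALPHABET = string.ascii_uppercase + string.ascii_lowercase + string.digits + "+/"

def sample_bytes(n):
    """Constructed stand-in for ciphertext: deterministic SHA-256 counter stream."""
    blocks = (hashlib.sha256(b"constructed sample %d" % i).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def crc24(data):
    """CRC-24 that armor appends as the '=XXXX' line (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor(data):
    """Wrap bytes in armor framing: header, blank line, 64-char lines, CRC line."""
    b64 = base64.b64encode(data).decode()
    body = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    check = "=" + base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    return "\n".join(["-----BEGIN PGP MESSAGE-----", "", *body, check,
                      "-----END PGP MESSAGE-----"])

def body_chars(armored):
    """Radix-64 data only: drop armor headers, the CRC line and '=' padding."""
    lines = armored.splitlines()
    start = lines.index("") + 1  # armor headers end at the first blank line
    data = [l for l in lines[start:] if not l.startswith(("=", "-----"))]
    return "".join(data).rstrip("=")

def middle_chunk(armored, n):
    """Take n characters from the middle of the data, away from the framing."""
    body = body_chars(armored)
    mid = (len(body) - n) // 2
    return body[mid:mid + n]

def max_entropy_bits(chunk):
    """Upper bound: each radix-64 character encodes exactly 6 bits."""
    return len(chunk) * math.log2(len(ALPHABET))

def observed_bits_per_char(text):
    """Empirical Shannon entropy of the character distribution."""
    total = len(text)
    return -sum(c / total * math.log2(c / total) for c in Counter(text).values())
```

The 16-character chunk quoted above therefore carries at most 96 bits, and only as many as the bytes underneath it actually contain.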
