Entropy in ascii-armored output?

cdr cedar at 3web.net
Sun Jul 31 21:44:23 CEST 2005


Chris De Young wrote:

> ...that actually writing down passwords, if
> they're kept in a secure place, might not be a bad idea... 

This is almost certainly the case, especially for passwords
that are used to protect data while 'in transit' on public
networks.

> ...it seems that copying some arbitrary chunk out of 
> the middle of some GPG encryption output...

Once any machine-readable key material has been recorded on
your local filesystem or, worse, transmitted over the network,
the possiblities that an attacker will get hold of it increase
significantly; it would be much better to use some mechanical
device (cards, dice, bag with tiles...) instead.

C. Rok



More information about the Gnupg-users mailing list