Entropy in ascii-armored output?
cdr
cedar at 3web.net
Sun Jul 31 21:44:23 CEST 2005
Chris De Young wrote:
> ...that actually writing down passwords, if
> they're kept in a secure place, might not be a bad idea...
This is almost certainly the case, especially for passwords
that are used to protect data while 'in transit' on public
networks.
> ...it seems that copying some arbitrary chunk out of
> the middle of some GPG encryption output...
Once any machine-readable key material has been recorded on
your local filesystem or, worse, transmitted over the network,
the possiblities that an attacker will get hold of it increase
significantly; it would be much better to use some mechanical
device (cards, dice, bag with tiles...) instead.
C. Rok
More information about the Gnupg-users
mailing list