making a passphrase by doubling a password and tweaking the end
Robert J. Hansen
rjh at sixdemonbag.org
Thu Feb 8 18:07:58 CET 2007
> Suppose my shell password is "SapNilph4" (I just got that from APG),
> is it stupid to make a passphrase for an ssh or gpg key by doubling it
> and changing the end, for example "SapNilph4SapNilph3"? Or am I
> really wasting potential entropy this way?
Stupid? No. May not be especially wise, though. GnuPG passphrases,
like root login passwords, are very high-value secrets. You should
plan for them to be compromised at some point. If your root login
gets compromised and your GnuPG passphrase is derivable from your
root login, then you've got two high-value secrets compromised. Vice-
versa is the same way.
So while no, you're not wasting entropy, this may not be wise due to
how it complicates your failsafe plans.
More information about the Gnupg-users