making a passphrase by doubling a password and tweaking the end

Robert J. Hansen rjh at
Thu Feb 8 18:07:58 CET 2007

> Suppose my shell password is "SapNilph4" (I just got that from APG),
> is it stupid to make a passphrase for an ssh or gpg key by doubling it
> and changing the end, for example "SapNilph4SapNilph3"?  Or am I
> really wasting potential entropy this way?

Stupid?  No.  May not be especially wise, though.  GnuPG passphrases,  
like root login passwords, are very high-value secrets.  You should  
plan for them to be compromised at some point.  If your root login  
gets compromised and your GnuPG passphrase is derivable from your  
root login, then you've got two high-value secrets compromised.  Vice- 
versa is the same way.

So while no, you're not wasting entropy, this may not be wise due to  
how it complicates your failsafe plans.

More information about the Gnupg-users mailing list