secring and dropbox

Jay Litwyn brewhaha at
Wed Jul 20 03:57:01 CEST 2011

On 2011-07-19 6:18 PM, Kara wrote:
> ====
> Reference Robert J. Hansen's 19 Jul 2011, 1504 (-0700), "Re: secring
> and dropbox":
>>> Is it a bad idea to place your secring in dropbox?
>> Depends entirely on the strength of your passphrase.  With a strong
>> enough passphrase you could publish your secret certificates in the
>> newspaper of your choice and still be confident of their safety.
> Using a decent password generator and specifying a mix of upper and
> lower case letters, digits, and special characters, how many total
> characters -- as a minimum -- would you recommend such a password be?
> Any particular password generator program you would recommend?

Your brain. You have to remember it, so you are better off constructing
it in the first place. Remember that you will have no automated retrieval
process, where a friendly program reminds you of your passphrase. It is
almost a shame that the most retrievable things are sentences with
nonsensical images in them, like Harry Lorayne's pimple-moose for
pamplemousse, the French word for grapefruit: He would have you imagine a
moose with giant grapefruit pimples to remember that French word. You
can then insert punctuation and numbers that don't go on Facebook,
anywhere, cut some of the words down to initials or consonants (or out, if
it's long enough). Then, add a pattern in your casing. There could be a
program like "crack" applied to input passwords, measuring strength. Of
course, if you are confident that your private key ring will never go
anywhere, and that you can revoke it if it does (GENERATE A REVOCATION
CERTIFICATE. Store it on that USB key that is chained into your coat.)
It would of course be a nuisance to have someone publish your revocation
certificate, and nothing like losing money at Mark Twain Bank. If your
friends are good enough, then you can leave a revocation certificate
with them.
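
Added example, not part of the original message or of GnuPG: a small Python sketch of the two ideas in this thread, the minimum length of a randomly generated password for a given strength (Kara's question) and a "crack"-style check that discounts a passphrase built by mangling a dictionary word. The wordlist, the leet table and the 16-bit mangling allowance are constructed assumptions.

```python
import math
import string

# Constructed sample wordlist; a real cracking dictionary has millions of entries.
WORDLIST = {"password", "grapefruit", "moose", "dropbox", "secret"}
# Assumed leet substitutions that cracking rule sets typically undo.
LEET = str.maketrans("013457@$", "oieastas")
AFFIX = string.digits + string.punctuation

def min_length(target_bits, pool_size):
    """Characters a uniformly random password needs to reach target_bits."""
    return math.ceil(target_bits / math.log2(pool_size))

def alphabet_size(pw):
    """Size of the character pool implied by the classes present in pw."""
    pools = [string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation]
    return sum(len(p) for p in pools if any(c in p for c in pw)) or 1

def candidates(pw):
    """Undo common mangling: casing, leet digits, affixed digits/punctuation."""
    low = pw.lower()
    return {low.strip(AFFIX).translate(LEET), low.translate(LEET).strip(AFFIX)}

def estimate_bits(pw):
    """Upper bound on strength in bits.

    The length * log2(pool) figure only holds for randomly chosen characters.
    If demangling recovers a wordlist entry, cap the estimate at the word
    choice plus an assumed 16 bits for the mangling rules.
    """
    naive = len(pw) * math.log2(alphabet_size(pw))
    if candidates(pw) & WORDLIST:
        return min(naive, math.log2(len(WORDLIST)) + 16)
    return naive

if __name__ == "__main__":
    # 94 printable ASCII symbols: upper, lower, digits, special characters.
    print("random chars needed for 128 bits:", min_length(128, 94))
    for sample in ("Gr4pefru1t!99", "xQ7#vL2@pR9!"):  # constructed samples
        print(sample, round(estimate_bits(sample), 1))
```
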
