secring and dropbox
vedaal at nym.hush.com
Wed Jul 20 16:38:55 CEST 2011
Kara karadenizi at gmail.com wrote on Wed Jul 20 02:18:16 CEST 2011 :

>> Is it a bad idea to place your secring in dropbox?

>Using a decent password generator and specifying a mix of upper and
>lower case letters, digits, and special characters, how many total
>characters -- as a minimum -- would you recommend such a password be?

>Any particular password generator program you would recommend?
-----
A simple alternative would be to create a truecrypt container,
allowing truecrypt to generate its own keyfile.
Store the keyfile in a secure, retrievable place (not in the cloud),
and you can leave the password blank.

To answer your question;
assuming that at some point, the 'cloud' will have resources to
brute force passphrases that might be considered safe 'now', but
still not enough to brute force a 2^256 or even a 2^128 symmetrical
cipher, then,
symmetrically encrypt any file using either AES, Twofish, or Camellia,
and then decrypt it with the gnupg option of '--show-session-key'.

Gnupg will display a random 64 character string.
Use the entire string as your passphrase,
(or half of it, if you feel comfortable that the combined sources
of the cloud will not be able to brute-force a 128 bit keyspace in
your lifetime ;-) )
If you find such a string difficult to remember, then consider
Diceware.
http://world.std.com/~reinhold/diceware.html
(afaik, there is no computerized dice generator that will produce
acceptably random results, so you'll need 5 dice.)
The Diceware keyspace is 7776
(6 possibilities for a die throw, 5 throws, 6^5 = 7776).
[ 7776^10 ~= 8.08 x 10^38 ] > [ 2^128 ~= 3.40 x 10^38 ]
[ 7776^20 ~= 6.53 x 10^77 ] > [ 2^256 ~= 1.58 x 10^77 ]
A 10 word Diceware passphrase should be more than enough.
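
Added example, not part of the message above: exact-integer keyspace arithmetic for the "how many characters, as a minimum" question and for the Diceware word counts quoted in the reply, plus the mapping from five physical die rolls to a word-list index. The 94-symbol printable-ASCII alphabet and the reading of the 64-character string as hexadecimal are assumptions of this example, and the function names are its own.

```python
# Added example: keyspace arithmetic for the passphrase sources in this thread.
# Only the Diceware figure (6^5 = 7776) comes from the post; the other
# alphabet sizes are assumptions, labelled where they are defined.

DICEWARE_WORDS = 6 ** 5    # 7776 words, five die throws per word (from the post)
HEX_DIGITS = 16            # assumption: the 64-character string is hexadecimal
PRINTABLE_ASCII = 94       # assumption: generator draws from 94 printable ASCII symbols


def min_symbols(alphabet_size: int, target_bits: int) -> int:
    """Smallest n such that alphabet_size**n >= 2**target_bits (no floats)."""
    if alphabet_size < 2 or target_bits < 1:
        raise ValueError("need alphabet_size >= 2 and target_bits >= 1")
    target = 1 << target_bits
    n, space = 0, 1
    while space < target:
        space *= alphabet_size
        n += 1
    return n


def dice_to_index(rolls: str) -> int:
    """Map five die rolls such as '16655' to a word-list index in 0..7775."""
    if len(rolls) != 5 or any(c not in "123456" for c in rolls):
        raise ValueError("expected exactly five digits, each in 1-6")
    index = 0
    for c in rolls:
        index = index * 6 + (int(c) - 1)   # base-6 digit per die
    return index


def report(target_bits: int) -> dict:
    """Minimum uniformly random symbols needed per source for a target keyspace."""
    return {
        "diceware_words": min_symbols(DICEWARE_WORDS, target_bits),
        "hex_chars": min_symbols(HEX_DIGITS, target_bits),
        "printable_ascii_chars": min_symbols(PRINTABLE_ASCII, target_bits),
    }


if __name__ == "__main__":
    for bits in (128, 256):
        print(bits, report(bits))
    print(dice_to_index("11111"), dice_to_index("66666"))
```

The counts hold only when every symbol or word is chosen uniformly at random; a passphrase a person makes up has a far smaller effective keyspace than its length suggests.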