Traveling without a secret key

Stefan Claas sac at 300baud.de
Wed Jul 8 12:52:43 CEST 2020


Ingo Klöcker wrote:
 
> On Tuesday, 7 July 2020 22:42:07 CEST Stefan Claas wrote:
> > Let's say you travel a lot and do not want to risk that your secret key
> > gets compromised due to border control etc.
> > 
> > One simply uses the program passphrase2pgp, from GitHub[1] and when creating
> > the key and the passphrase is needed, one simply issues:
> > 
> > echo -n 'simple password' | openssl dgst -sha256 -binary | base91 or base64
> > and then one gets a string with an entropy of over 200, which is more than
> > secure. This would IMHO allow one to have a strong passphrase, but generated
> > with an easy-to-remember password.
> 
> I'm sorry, but you cannot increase the entropy of "simple password" by hashing 
> it. What you propose is "security by obscurity". And that was never a good 
> idea.

Well, if I use a simple password like: 'Holidays Day 1' and run it through:

http://rumkin.com/tools/password/passchk.php for example

it gives an entropy of 62.6 bits.

If I now use this simple password and run it through my program, the result is:

e|}]2$8$lI#:#h%|$}ody&qD6h#$RT;$L4^qm??D (sha256+base91)

and 

C9+v21t+2y8atf5y+Yj/TqHenVC//q20WbjzM+jtcLA= (sha256+base64)

which gives an entropy of 192.3 and 234.2.

Regards
Stefan

-- 
my 'hidden' service gopherhole:
gopher://iria2xobffovwr6h.onion
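
Added example (not part of the original message and not code from passphrase2pgp): the sha256+base64 step discussed in this thread, written in Python, with a character-class strength meter compared against the search space left to someone who knows the scheme. The meter formula, the word list and the "<word> Day <n>" pattern are constructed assumptions; the meter is not the rumkin.com algorithm.

```python
import base64
import hashlib
import math
import string


def derive(password: str) -> str:
    """Pipeline from the thread: SHA-256 of the password, then base64."""
    digest = hashlib.sha256(password.encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")


def charset_estimate_bits(s: str) -> float:
    """Assumed naive meter: length * log2(size of the character classes seen).
    It looks only at the string, never at how the string was produced."""
    pool = 0
    for cls in (string.ascii_lowercase, string.ascii_uppercase, string.digits):
        if any(c in cls for c in s):
            pool += len(cls)
    if any(c not in string.ascii_letters + string.digits for c in s):
        pool += 33  # printable ASCII symbols, space included
    return len(s) * math.log2(pool)


def search_space_bits(values) -> float:
    """Bits of work when the generation scheme is known: log2(distinct values)."""
    return math.log2(len(set(values)))


# Constructed sample space: 4 words x 32 day numbers = 128 simple passwords.
WORDS = ["Holidays", "Vacation", "Travel", "Trip"]
CANDIDATES = [f"{w} Day {n}" for w in WORDS for n in range(1, 33)]
# The hash is deterministic, so each simple password maps to exactly one passphrase.
DERIVED = [derive(p) for p in CANDIDATES]

if __name__ == "__main__":
    pw = "Holidays Day 1"
    out = derive(pw)
    print(f"meter on input   : {charset_estimate_bits(pw):6.1f} bits")
    print(f"meter on derived : {charset_estimate_bits(out):6.1f} bits")
    print(f"search space, simple passwords   : {search_space_bits(CANDIDATES):.1f} bits")
    print(f"search space, derived passphrases: {search_space_bits(DERIVED):.1f} bits")
```

The meter's figure rises with the length and alphabet of the encoded digest, while the number of distinct passphrases the scheme can produce stays equal to the number of distinct inputs.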



More information about the Gnupg-users mailing list