Traveling without a secret key
Stefan Claas
sac at 300baud.de
Wed Jul 8 12:52:43 CEST 2020
Ingo Klöcker wrote:
> On Dienstag, 7. Juli 2020 22:42:07 CEST Stefan Claas wrote:
> > Let's say you travel a lot and do not want to risk that your secret key
> > gets compromised due to border control etc.
> >
> > One simply uses the program passphrase2pgp, from GitHub[1] and when creating
> > the key and the passphrase is needed, one simply issues:
> >
> > echo -n 'simple password' | openssl dgst -sha256 -binary | base91 or base64
> > and then one gets a string with an entropy of over 200, which is more than
> > secure. This would one IMHO allow to have a strong passphrase but generated
> > with an easy to remember password.
>
> I'm sorry, but you cannot increase the entropy of "simple password" by hashing
> it. What you propose is "security by obscurity". And that was never a good
> idea.
Well, if I use a simple password like: 'Holidays Day 1' and run it through:
http://rumkin.com/tools/password/passchk.php for example
it gives an entropy of 62.6 bits.
If I use now this simple password and run it through my program the result is:
e|}]2$8$lI#:#h%|$}ody&qD6h#$RT;$L4^qm??D (sha256+base91)
and
C9+v21t+2y8atf5y+Yj/TqHenVC//q20WbjzM+jtcLA= (sha256+base64)
which gives an entropy of 192.3 and 234.2.
Regards
Stefan
--
my 'hidden' service gopherhole:
gopher://iria2xobffovwr6h.onion
More information about the Gnupg-users
mailing list