Traveling without a secret key

Stefan Claas sac at 300baud.de
Wed Jul 8 23:24:54 CEST 2020


Ryan McGinnis via Gnupg-users wrote:
 
> The thing is, if you can't remember a string of random words, are you likely to remember a string of 20 random letters, numbers,
> and characters?  Generally, if your non-randomly-generated password is easy for you to remember, it's also easy for a
> computer to guess.  Diceware is the attempt to make something as easy as possible to remember while still being truly
> high-entropy.  If you're really paranoid you don't use the javascript program to generate your random phrases, you buy an
> EFF book and roll some casino dice.  The entropy comes from the dice and so is verifiable.

How do I do that when traveling, because I can't memorize the diceware pass phrase and then roll dice and tell via a
non-secure channel my now generated pass phrase, or am I making a mistake in my thinking?

> Probably the best PGP key passphrase would be to have some sort of high security locally stored password manager like
> KeepassXC, encrypt that password database with a good long diceware passphrase that you train yourself to remember, and then
> have that program generate some random 30 or 40 character gibberish passwords to copypasta into PGP when it asks.  While
> you're at it, use that to create different random passwords for every site and service you use.

Well, for home usage, I have an offline computer, when using PGP, but I wanted to show/know a good way, for traveling.

Regards
Stefan


-- 
my 'hidden' service gopherhole:
gopher://iria2xobffovwr6h.onion
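
The dice-based passphrase generation discussed in the quoted text, as an added example that is not part of the original message: it turns physical dice rolls into words and compares the resulting entropy with a random-character password. The word list entries are constructed placeholders, and the 94-character alphabet and all function names are assumptions.

```python
import math

DICE_PER_WORD = 5                      # five six-sided dice pick 1 of 6**5 = 7776 words
LIST_SIZE = 6 ** DICE_PER_WORD

# Constructed sample in the "NNNNN<TAB>word" layout; placeholder words, not a real list.
SAMPLE_LIST = "11111\talpha\n16655\tbravo\n43221\tcharlie\n66666\tdelta\n"

def parse_wordlist(text):
    """Map each five-digit dice key to its word, rejecting malformed keys."""
    table = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        key, word = line.split()
        if len(key) != DICE_PER_WORD or set(key) - set("123456"):
            raise ValueError(f"bad dice key: {key!r}")
        table[key] = word
    return table

def rolls_to_phrase(rolls, table):
    """Convert physical dice rolls (digits 1-6, whitespace ignored) into words."""
    digits = "".join(rolls.split())
    if set(digits) - set("123456"):
        raise ValueError("rolls must be digits 1-6")
    if not digits or len(digits) % DICE_PER_WORD:
        raise ValueError("need a non-empty multiple of five rolls")
    keys = [digits[i:i + DICE_PER_WORD] for i in range(0, len(digits), DICE_PER_WORD)]
    return [table[k] for k in keys]    # KeyError if the list lacks a key

def phrase_bits(n_words):
    """Entropy of n independently rolled words when the attacker knows the list."""
    return n_words * math.log2(LIST_SIZE)

def random_chars_bits(length, alphabet=94):
    """Entropy of uniformly random characters; 94 = printable ASCII minus space."""
    return length * math.log2(alphabet)

def words_for(target_bits):
    """Smallest word count whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(LIST_SIZE))

if __name__ == "__main__":
    table = parse_wordlist(SAMPLE_LIST)
    print(rolls_to_phrase("1 6 6 5 5  4 3 2 2 1", table))
    print(f"6 words: {phrase_bits(6):.1f} bits")
    print(f"20 random chars: {random_chars_bits(20):.1f} bits,"
          f" matched by {words_for(random_chars_bits(20))} words")
```
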


