Protecting your private key - passphrase

Stefan Claas spam.trap.mailing.lists at gmail.com
Sun Dec 13 22:20:04 CET 2020


I will release tomorrow, if time permits, the GUI based versions,
on GitHUb, created with the help of the fyne toolkit.

https://ibb.co/rxYcXvq

Regards
Stefan

On Thu, Dec 10, 2020 at 4:11 PM Stefan Claas
<spam.trap.mailing.lists at gmail.com> wrote:
>
> Hi all,
>
> while playing with hashcat, diceware passphrases and entropy
> checkers I thought why not try to create a little program that
> you can input your passphrase and it gets converted to a random
> chars string (40 chars), based either on sha256+base91 or
> ripemd-160 output.
>
> The idea here is to use phrases which makes no sense but
> can easily been remembered and then get converted so that
> you always have IMHO good random input for GnuPG.
>
> For that task I created two little Golang programs which
> asks the user to input a phrase that makes no sense and
> while the user is typing in his passphrase bullets are
> displayed, like in pinentry, and then the random 40 chars
> get copied to the clipboard, so that users can paste
> the passphrase into GnuPG.
>
> In order that this works under Linux/Unix too you need
> to install xclip or xsel and don't forget to clear the
> clipboard after usage.
>
> Example #1
>
> Input: Alice+eats&red+stones
>
> Output program #1: 8rW3<HnS!UCQ)83@(|t{QRR<KDhJ$`]&k(b;yJjE
> Output program #2  a6a549d45f1e5c3fabfba37003541c3fa7f26d13
>
> Exampl #2
>
> Input: grüne-Füchse-fliegen#weich (= green-foxes-flying#soft)
>
> Output program #1: $j{hDH!5m4O[9JcPVBbHLlM^]R]RJ%yJoPr:IxAD
> Output program #2: 89216958ceed145dd03a6d23afa7ae93b27457e9
>
> Example #3
>
> Input mixed languages question: has*Bob*deutsche*ÄÖÜs?
>
> Output program #1 fq7Mr469cU#d%uOIX?zG?:^@^y[n152_OUvp8|gB
> Output program #2 9f770781c96d72b9974421ea72b523c019714a1f
>
> Hope you like the idea and maybe others come up with better
> solutions.
>
> Attached are the two programs as Golang source code.
>
> Please note I am only noodling around with Golang and I am
> not a programmer!
>
> Regards
> Stefan
>
> Resources:
>
> https://www.gnupg.org/gph/en/manual/c481.html
> https://www.armourinfosec.com/password-cracking-with-hashcat/
> http://passwordstrengthcalculator.com/index.php
> http://rumkin.com/tools/password/passchk.php



More information about the Gnupg-users mailing list