Protecting your private key - passphrase

Robert J. Hansen rjh at sixdemonbag.org
Mon Dec 14 05:35:15 CET 2020


> I guess you have not read my initial posting ... otherwise you would
> think differently and would not say so ...

Stefan, I read your original posting and I completely concur with Ingo.

> The program is not only for GnuPG usage

Please explain to me who might benefit from this.

Seriously.  If people want CSPRNG output, this is not CSPRNG output. 
If people want a key derivation function, this is a *really bad* key
derivation function: you should've used PBKDF2 or Argon2.

What's your use case?  Who might benefit?

> try out the programs from my initial posting and then check the
> entropy of the output.

No, Stefan, that's not how it works.  It is flat impossible to, by any
deterministic means, increase the entropy of a function's output over
the function of the input.  Deterministic functions only ever reduce
entropy: there exist no deterministic functions that increase it.

Imagine I have a 'Gender' field on a driver's license, and it can take
three values: 'Male', 'Female', and 'Nonbinary'.  There are three
states there, meaning there are (log-2 of 3 = ) 1.58 shannons of
entropy present.  If I feed one of those three fields into SHA256 and
get 'fceea935c627080824b44df8f222631d39e6f705b307be1fc80f36769ade230c'
I'm not increasing the entropy, I'm only spreading 1.58 shannons out
over a larger region of text.

"But if I feed this into an entropy estimator it comes back high!" 
Yes, because entropy estimators are like any other tool: they need to
be used with insight.  If the entropy estimator knew the universe of
possibilities was only 'Male', 'Female', and 'Nonbinary', and the
algorithm used was SHA256, it could then say "oh yeah, 1.58 shannons of
entropy, boss."

But when you naïvely run an entropy estimator and *deny it information
about the possibility set or algorithms used*, you're violating
Kerckhoffs's Principle and of course you're going to get wildly
incorrect results.

> BTW. Nobody is forced to use my programs and real cryptographers, I
> have shown my humble approach, liked it also...

Then I invite them to come here and explain to me where I'm wrong.

So far in the last week you've advocated Bitcoin scams on this list and
hyped your own snake oil.

In just the last week.

Please stop.
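
The point above about spreading 1.58 shannons over a longer string, as an added example that is not part of the original message: a naive symbol-frequency estimator scores the SHA-256 hex digest highly, while anyone who knows the three possible inputs and the algorithm recovers the value in at most three guesses. The estimator here is a constructed stand-in for whatever tool might be used, and all function names are hypothetical.

```python
import hashlib
import math
from collections import Counter

# The three-value possibility set from the message above.
CANDIDATES = ["Male", "Female", "Nonbinary"]

def digest(value: str) -> str:
    """SHA-256 of the field value, hex encoded (64 characters)."""
    return hashlib.sha256(value.encode("utf-8")).hexdigest()

def true_entropy_bits(candidates) -> float:
    """Entropy of a uniform choice among the candidates, in shannons."""
    return math.log2(len(set(candidates)))

def naive_estimate_bits(text: str) -> float:
    """Symbol-frequency estimate: per-character Shannon entropy times length.
    It sees only the output string, not the input set or the algorithm."""
    counts = Counter(text)
    n = len(text)
    per_symbol = -sum(c / n * math.log2(c / n) for c in counts.values())
    return per_symbol * n

def recover(observed_digest: str, candidates):
    """With the algorithm and possibility set known, hash each candidate.
    Returns (value, guesses_used), or (None, guesses_used) if no match."""
    for guesses, candidate in enumerate(candidates, start=1):
        if digest(candidate) == observed_digest:
            return candidate, guesses
    return None, len(candidates)

def report():
    """One row per field value: (value, naive estimate, recovery result)."""
    rows = []
    for value in CANDIDATES:
        d = digest(value)
        rows.append((value, naive_estimate_bits(d), recover(d, CANDIDATES)))
    return rows

if __name__ == "__main__":
    print(f"true entropy: {true_entropy_bits(CANDIDATES):.2f} shannons")
    for value, naive, (found, guesses) in report():
        print(f"{value:10} naive estimate {naive:6.1f} bits, "
              f"recovered as {found!r} in {guesses} guess(es)")
```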
