Protecting your private key - passphrase
Stefan Claas
spam.trap.mailing.lists at gmail.com
Tue Dec 15 17:04:25 CET 2020
On Thu, Dec 10, 2020 at 4:11 PM Stefan Claas
<spam.trap.mailing.lists at gmail.com> wrote:
>
> Hi all,
>
> while playing with hashcat, diceware passphrases and entropy
> checkers I thought why not try to create a little program that
> you can input your passphrase and it gets converted to a random
> chars string (40 chars), based either on sha256+base91 or
> ripemd-160 output.
>
> The idea here is to use phrases which makes no sense but
> can easily been remembered and then get converted so that
> you always have IMHO good random input for GnuPG.
>
> For that task I created two little Golang programs which
> asks the user to input a phrase that makes no sense and
> while the user is typing in his passphrase bullets are
> displayed, like in pinentry, and then the random 40 chars
> get copied to the clipboard, so that users can paste
> the passphrase into GnuPG.
>
> In order that this works under Linux/Unix too you need
> to install xclip or xsel and don't forget to clear the
> clipboard after usage.
>
> Example #1
>
> Input: Alice+eats&red+stones
>
> Output program #1: 8rW3<HnS!UCQ)83@(|t{QRR<KDhJ$`]&k(b;yJjE
> Output program #2 a6a549d45f1e5c3fabfba37003541c3fa7f26d13
>
> Exampl #2
>
> Input: grüne-Füchse-fliegen#weich (= green-foxes-flying#soft)
>
> Output program #1: $j{hDH!5m4O[9JcPVBbHLlM^]R]RJ%yJoPr:IxAD
> Output program #2: 89216958ceed145dd03a6d23afa7ae93b27457e9
>
> Example #3
>
> Input mixed languages question: has*Bob*deutsche*ÄÖÜs?
>
> Output program #1 fq7Mr469cU#d%uOIX?zG?:^@^y[n152_OUvp8|gB
> Output program #2 9f770781c96d72b9974421ea72b523c019714a1f
>
> Hope you like the idea and maybe others come up with better
> solutions.
Did some calculations with these simple example mini-passphrases above
compared to diceware sixword word passphrases and decided to rename
my programs to passphrase hasher, so that people do not follow these
simple examples. Also added an clipboard overwrite button.
https://ibb.co/VYkDN20
Regards
Stefan
More information about the Gnupg-users
mailing list