Ingo Klöcker wrote: > On Dienstag, 7. Juli 2020 22:42:07 CEST Stefan Claas wrote: > > Let's say you travel a lot and do not want to risk that your secret key > > gets compromised due to border control etc. > > > > One simply uses the program passphrase2pgp, from GitHub[1] and when creating > > the key and the passphrase is needed, one simply issues: > > > > echo -n 'simple password' | openssl dgst -sha256 -binary | base91 or base64 > > and then one gets a string with an entropy of over 200, which is more than > > secure. This would one IMHO allow to have a strong passphrase but generated > > with an easy to remember password. > > I'm sorry, but you cannot increase the entropy of "simple password" by > hashing > it. What you propose is "security by obscurity". And that was never a good > idea.
Well, if I use a simple password like: 'Holidays Day 1' and run it through: http://rumkin.com/tools/password/passchk.php for example it gives an entropy of 62.6 bits. If I use now this simple password and run it through my program the result is: e|}]2$8$lI#:#h%|$}ody&qD6h#$RT;$L4^qm??D (sha256+base91) and C9+v21t+2y8atf5y+Yj/TqHenVC//q20WbjzM+jtcLA= (sha256+base64) which gives an entropy of 192.3 and 234.2. Regards Stefan -- my 'hidden' service gopherhole: gopher://iria2xobffovwr6h.onion _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users