Ryan McGinnis via Gnupg-users wrote:

> The thing is, if you can't remember a string of random words, are you likely
> to remember a string of 20 random letters, numbers, and characters?
> Generally, if your non-randomly-generated password is easy for you to
> remember, it's also easy for a computer to guess. Diceware is the attempt to
> make something as easy as possible to remember while still being truly
> high-entropy. If you're really paranoid you don't use the javascript program
> to generate your random phrases, you buy an EFF book and roll some casino
> dice. The entropy comes from the dice and so is verifiable.

How do I do that when traveling, because I can't memorize the diceware pass phrase and then roll dice and tell via a non-secure channel my now generated pass phrase, or am I making a mistake now in my thinking?

> Probably the best PGP key passphrase would be to have some sort of high
> security locally stored password manager like KeepassXC, encrypt that
> password database with a good long diceware passphrase that you train
> yourself to remember, and then have that program generate some random 30 or
> 40 character gibberish passwords to copypasta into PGP when it asks. While
> you're at it, use that to create different random passwords for every site
> and service you use.

Well, for home usage, I have an offline computer when using PGP, but I wanted to show/know a good way for traveling.

Regards
Stefan

--
my 'hidden' service gopherhole: gopher://iria2xobffovwr6h.onion