On Sunday, 13 December 2020 22:20:04 CET Stefan Claas via Gnupg-users wrote:
> I will release tomorrow, if time permits, the GUI based versions,
> on GitHub, created with the help of the fyne toolkit.

I'm sorry, but in my opinion this is snake oil.

If you think that you can increase entropy ("randomness") by hashing a 
passphrase a user came up with, then you should really take a basic course on 
information theory.

If the user comes up with an easy-to-guess passphrase and runs it through your 
program, then s:he will get a hashed easy-to-guess passphrase with a little 
bit of security-by-obscurity sugar on top. But this doesn't add any real 
security. It only adds complexity (which often means less security; I mean you 
are putting the passphrase on the clipboard from where it can be grabbed by 
any other application) because now one needs to use two programs to decrypt 
something. First your program to calculate the actual passphrase to feed into 
gpg and then gpg to perform the actual decryption.

Why do you think you need "good random input for GnuPG"? GnuPG does have a 
state-of-the-art key derivation function.

If people want to generate a secure random passphrase for gpg, then they 
should use a secure password generator.

Regards,
Ingo
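
The information-theory point in the reply above, as an added illustration (not code from either poster or from the tool under discussion): a deterministic hash cannot raise the Shannon entropy of a human-chosen passphrase, whereas a passphrase drawn from a CSPRNG has entropy set by its length and alphabet. The candidate list and its probabilities are constructed, and all function names are hypothetical.

```python
import hashlib
import math
import secrets
import string
from collections import Counter

# Constructed sample: probabilities a guessing model assigns to human-chosen passphrases.
HUMAN_CHOICES = {"password": 0.4, "letmein": 0.3, "gnupg2020": 0.2, "correct horse": 0.1}


def shannon_bits(dist):
    """Shannon entropy, in bits, of a {value: probability} distribution."""
    return -sum(p * math.log2(p) for p in dist.values() if p > 0)


def push_through(dist, fn):
    """Distribution of fn(X) when X follows dist; colliding outputs merge."""
    out = Counter()
    for value, p in dist.items():
        out[fn(value)] += p
    return dict(out)


def sha256_hex(passphrase):
    """Deterministic transform: 64 hex characters regardless of the input's quality."""
    return hashlib.sha256(passphrase.encode()).hexdigest()


def random_passphrase(length=20, alphabet=string.ascii_letters + string.digits):
    """Uniform passphrase from the OS CSPRNG, returned with its entropy in bits."""
    phrase = "".join(secrets.choice(alphabet) for _ in range(length))
    return phrase, length * math.log2(len(alphabet))


if __name__ == "__main__":
    before = shannon_bits(HUMAN_CHOICES)
    after = shannon_bits(push_through(HUMAN_CHOICES, sha256_hex))
    # The hashed form looks like 256 bits but carries no more than the input did.
    print(f"human choice: {before:.2f} bits, after SHA-256: {after:.2f} bits")
    phrase, bits = random_passphrase()
    print(f"generated passphrase: {len(phrase)} chars, {bits:.1f} bits")
```
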
