On Sonntag, 13. Dezember 2020 22:20:04 CET Stefan Claas via Gnupg-users wrote: > I will release tomorrow, if time permits, the GUI based versions, > on GitHUb, created with the help of the fyne toolkit.
I'm sorry, but in my opinion this is snake oil. If you think that you can increase entropy ("randomness") by hashing a passphrase a user came up with, then you should really take a basic course on information theory. If the user comes up with an easy-to-guess passphrase and runs it through your program, then s:he will get a hashed easy-to-guess passphrase with a little bit security-by-obscurity sugar on top. But this doesn't add any real security. It only adds complexity (which often means less security; I mean you are putting the passphrase on the clipboard from where it can be grabbed by any other application) because now one needs to use two programs to decrypt something. First your program to calculate the actual passphrase to feed into gpg and then gpg to perform the actual decryption. Why do you think you need "good random input for GnuPG"? GnuPG does have a state-of-the-art key derivation function. If people want to generate a secure random passphrase for gpg, then they should use a secure password generator. Regards, Ingo
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users