People who have difficulties creating long passphrases and remembering them when using different ones for different use cases.
Then why aren't you using PBKDF2 or Argon2? If you're writing a key derivation app -- use a key derivation function.
Had I used PBKDF2 for my little program, people would have a key which they need to store somewhere, while my program does not store keys,
What are you talking about? Here's the signature for PBKDF2 in Golang's crypto library:
    func Key(password []byte, salt []byte, iterations int, keyLength int, hashFunction func() hash.Hash) []byte
If you need to generate the same key again later, just feed in the same inputs. You have nothing to keep track of so long as you remember the passphrase.
With that said, would you say that when one inputs his password into an online form it is as secure as if one used my program and used an easy-to-remember nonsense phrase which gets converted?
I'd advise people to use Firefox's password safe and ability to generate pseudorandom keys for each site you visit. KeePassX is a good open-source alternative for people who want to keep passwords on their desktop machine instead of encrypted in the cloud.
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users