Sujet : Re: Using Diceware, BIP39 and leetspeak for Argon2id keys
De : rich (at) *nospam* example.invalid (Rich)
Groupes : sci.cryptDate : 18. Aug 2024, 20:40:30
Autres entêtes
Organisation : A noiseless patient Spider
Message-ID : <v9tine$2gcq3$1@dont-email.me>
References : 1 2 3 4 5
User-Agent : tin/2.6.1-20211226 ("Convalmore") (Linux/5.15.139 (x86_64))
Stefan Claas <
pollux@tilde.club> wrote:
Rich wrote:
Then do an actual "memory test". Try to memorize it, then give yourself
varying lengths of time between not 'remembering' it to see how well
you can retain the random words.
Ok. I will do.
I predict you'll find that without periodic refreshment, that after an
unexpected short time, you'll have mis-remembered at least one word or
the order of at least one word.
Well, what would you suggest then,
Dicewords, etc. are good, and have usefulnesses, but are not a panacea.
For some individuals with better memory ability, they will work well.
For a fairly large group of "general people" they will be ok provided
they get periodic refreshing (i.e., usage, to reinforce the memory).
And for some subset of "general people" they won't be able to remember
even six dicewords in their native language accurately the very next
day.
The solution, as Bruce Schriber has stated, is to "write them down" and
store the slip of paper in some reasonably secure manner (one of his
recommendations was on one's wallet). Naturally if dealing with
spycraft and border searches then this changes radically, but for that
usage all but the worst subset of memories could likely replay six dice
words in their head just long enough to make it through a border
crossing search (to be written down again on the other side of the
border).
They *very much* do improve over asking a human to remember something
like (this is just the md5sum of 1k of /dev/urandom data):
038d71180f7880dca1125e160e1258df
But for all but the, say, top 10% of memory ability folks, they will
need to be "using" the diceword phrase on a fairly regular basis to
have any hope of remembering them long term.
Beyond the few 'memory savants', most human memories, without periodic
refreshing, are quite lossy. More like DRAM than SRAM.
Well, then old school saying: practice makes perfect.
For all but the bottom 10% of memory ability folks, likely yes, but
they do need a reason to 'practice' the phrase. Without that practice
they will have it quickly slip their mind.
Using Diceware, BIP39 and leetspeak for Argon2id keys
Re: Using Diceware, BIP39 and leetspeak for Argon2id keys