Initial commit: HPR Knowledge Base MCP Server
- MCP server with stdio transport for local use
- Search episodes, transcripts, hosts, and series
- 4,511 episodes with metadata and transcripts
- Data loader with in-memory JSON storage

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
149
hpr_transcripts/hpr1888.txt
Normal file
@@ -0,0 +1,149 @@
|
||||
Episode: 1888
|
||||
Title: HPR1888: Diceware Passphrase
|
||||
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr1888/hpr1888.mp3
|
||||
Transcribed: 2025-10-18 10:49:21
|
||||
|
||||
---
|
||||
|
||||
This is HPR Episode 1888 entitled,
|
||||
Niceware Pastrain, and in part of the series,
|
||||
Privacy and Security.
|
||||
It is hosted by John Newhart,
|
||||
and in about 13 minutes long.
|
||||
The summary is,
|
||||
Demonstration of using the Niceware method
|
||||
of Pastrain Generation.
|
||||
This episode of HPR is brought to you by
|
||||
an honesthost.com.
|
||||
Get 15% discount on all shared hosting
|
||||
with the offer code,
|
||||
HPR15, that's HPR15.
|
||||
Better web hosting that's honest and fair,
|
||||
at An Honesthost.com.
|
||||
Hello, and welcome to another edition of Hacker Public Radio.
|
||||
My name is John Newhart,
|
||||
and today I wanted to talk to you a little bit about past phrases.
|
||||
So we are all told that we should be very diligent
|
||||
about creating past phrases that are non-deterministic,
|
||||
or that we can remember easily.
|
||||
The classic example is the XKCD cartoon
|
||||
of correct horse battery staple,
|
||||
just choosing five words or four words at random.
|
||||
And that is a pretty good way to remember a past phrase,
|
||||
and have it not be a known sentence or phrase,
|
||||
which has shown to be less than ideally chosen for the fact
|
||||
that algorithms can now put together predictable sets of words.
|
||||
They know how English clauses go together,
|
||||
so if it can detect that this noun and this verb go together,
|
||||
it can pretty much predict what other,
|
||||
or shorten the list of available words
|
||||
that it could put together to finish that past phrase.
|
||||
So I came across this technique a little while ago
|
||||
that I hadn't heard about before, called diceware.
|
||||
So this is a method of choosing a past phrase that was developed
|
||||
by Arnold Reinhold,
|
||||
and the process is choosing
|
||||
X number of words at random,
|
||||
but in order to make sure they are truly random,
|
||||
you use dice to choose a number out of a list of words
|
||||
that are pre-generated,
|
||||
but Mr. Reinhold has a list of these words on his website,
|
||||
and world.std.com tilde Reinhold slash diceware.html.
|
||||
And the process is pretty straightforward,
|
||||
so you take five dice,
|
||||
and you roll them,
|
||||
or you can take one die and roll it five times,
|
||||
and that will give you a five-digit integer,
|
||||
which you can then use to look up in this list of words
|
||||
to find the appropriate word that that maps to.
|
||||
So you can choose the number of words that you wish to have in your past phrase
|
||||
in accordance with the amount of entropy that you would like.
|
||||
So people smarter than me have determined that the math associated with this,
|
||||
that each word generated by a diceware gives you 12.9 bits of entropy.
|
||||
The current recommendation is six words,
|
||||
which gives you approximately 76 bits of entropy.
|
||||
And according to distributed.net as of about 2011,
|
||||
given the computational power available at that time,
|
||||
it would take roughly 124 years to crack a past phrase of 76 bits of entropy.
|
||||
So I'm going to walk through the process of generating a diceware past phrase,
|
||||
and then illustrate the commands needed to take your current GPG key,
|
||||
and update that past phrase to the one determined by the diceware process.
|
||||
So I have with me, I have five dies, and a cup.
|
||||
So I'll put those in there, I'll shake them around.
|
||||
I'm going to dump them out.
|
||||
And that gives me five numbers that I'll put together here.
|
||||
So that is five, six, four, six, one.
|
||||
And if I go to Mr. Reinhold's word list,
|
||||
and find that word, five, six, four, six, one,
|
||||
that gives me the word tariff, T-A-R-I-F-F.
|
||||
And then I simply repeat the process.
|
||||
That gives me five more numbers.
|
||||
Which are one, three, three, four, one.
|
||||
And again, if I go to the list,
|
||||
four, one, three, three, four, one,
|
||||
that gives me the word barns, B-A-R-N-E-S.
|
||||
So I do that again, and this time I get the number
|
||||
two, five, four, three, one.
|
||||
And again, if I search for that number, two, five,
|
||||
four, three, one, in the word list,
|
||||
that gives me the word field, F-I-E-L-D.
|
||||
So let's get this process again.
|
||||
And now I have the number four, six, three, four, six.
|
||||
And we go back to the list, four, six, three, four, six.
|
||||
And that gives me the word press, P-R-E-S-S.
|
||||
I'll do one last word here.
|
||||
And the roll of the dice gives us one, three, one, five, four.
|
||||
And on the list, number one, three, one, five, four,
|
||||
is the word A-Z as.
|
||||
So that gives us a five word pass phrase, which with 76 bits of entropy,
|
||||
all lower case. So we could choose to upper case one of these words
|
||||
to make that more, to give us a wider character space.
|
||||
So let's choose to capitalize field.
|
||||
And we can also add a little bit more entropy by randomly replacing one of the characters with a
|
||||
special character or a numeral. So there are instructions on how to do this on the
|
||||
the die square web page. And basically, we roll the dice again.
|
||||
Only need four this time.
|
||||
So we'll roll the dice and the way this works is the first number, which in my case is three.
|
||||
We'll tell us what word to change. So that brings me down to field.
|
||||
Five would tell me what character in that word to change.
|
||||
So one, two, three, four, five would be the last word or the last letter in field, which
|
||||
would be the D. And then there's a table on the website. So the third roll is the row.
|
||||
And the fourth number is the column.
|
||||
Or I'm sorry, backwards. The third number is the column and the fourth number is the row.
|
||||
So on this table, I have three for my column and four for my row, which gives me the
|
||||
character of a double quote. So I would replace the D in field with a double quote.
|
||||
But so now my passphrase is tariff, barns, field with a capital F and a double quote replacing
|
||||
the D press and AZ. So most charmingly, according to the website, the process here is
|
||||
write this down on a piece of paper. Make sure you're doing it on a hard surface.
|
||||
So the data that you're transcribing doesn't, isn't captured on the substrate or
|
||||
that you're pressing against. And then you should memorize this information and then burn
|
||||
the paper and destroy the ashes. Okay. So we're going to update our GPG passphrase with the command
|
||||
GPG dash dash edit key, edit, edit dash key. And then the email identifier of our key. So in my
|
||||
case, I'm using Elvis at example.com, a little test key here. And that will bring me to the GPG
|
||||
prompt. So now I would enter the command password, P-A-S-S-W-D. And in order to make this change,
|
||||
I need to enter the current passphrase for the key. And now that I have entered the correct
|
||||
current passphrase, I can now enter the new passphrase for the secret key. So I'll go ahead
|
||||
and enter my new passphrase, T-A-R-I-F-S-B-A-R-N-E-S, space capital F, I-E-L,
|
||||
double quote, space P-R-E-S-S, space A-Z. And then I just repeat. T-A-R-I-F-S-S-B-A-R-N-E-S,
|
||||
space capital F-I-E-L, quote, space P-R-E-S-S, space A-Z, and voila. I go ahead and type quit.
|
||||
To quit the GPG session, it asks me if I want to save the changes, type yes. And presto, I have
|
||||
an updated passphrase. So now I can test this out by decrypting a document. So GPG decrypt,
|
||||
and then a file name. And it will ask me for the passphrase. I'll use my brand new
|
||||
Dysquare Passphrase to unlock the key.
|
||||
And presto, I have the key or have the contents of that file decrypted. So that's how you
|
||||
generate a Dysquare Passphrase and update your GPG key. I encourage you, if you're interested
|
||||
in this, to take a closer look at the Dysquare Passphrase homepage. Again, at W-O-R-L-D.STD.com.
|
||||
Tilda Reinhold, that's R-E-I-N-H-O-L-D slash Dysquare.html. There's also a nice Wikipedia article on
|
||||
Dysquare. It talks a little bit about the EnterSP statistics. And it's a nice way to get a randomly
|
||||
generated passphrase that isn't predictable, but is yet easy enough that you could
|
||||
memorize it and not have to have it stored anywhere else. So that's it for this edition of
|
||||
Hacker Public Radio. I hope you found this useful and I encourage you to submit a show to
|
||||
Hacker Public Radio about something you find interesting. Take care, bye-bye.
|
||||
You've been listening to Hacker Public Radio at Hacker Public Radio. We are a community podcast
|
||||
network that releases shows every weekday Monday through Friday. Today's show, like all our shows,
|
||||
was contributed by an HBR listener like yourself. If you ever thought of recording a podcast
|
||||
and click on our contributing to find out how easy it really is. Hacker Public Radio was found
|
||||
by the digital dog pound and the infonomicon computer club and it's part of the binary revolution
|
||||
at binrev.com. If you have comments on today's show, please email the host directly, leave a comment
|
||||
on the website or record a follow-up episode yourself. Unless otherwise status, today's show is
|
||||
released on the earth. Create a comments, attribution, share a light, 3.0 license.
|
||||
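Review bot: the transcript body disagrees with its own header on the terms this server will index. The header gives the title as "Diceware Passphrase", but the spoken intro reads "Niceware Pastrain", and later lines have "die square", "Dysquare" and "past phrase", so a search for "diceware" or "passphrase" will miss most of the episode. Either correct the speech-to-text output before committing or normalize these terms in the data loader. The security content also needs a check against the audio before it is served as reference material: the text gives 12.9 bits per word and about 76 bits for six words, then credits the five-word passphrase it builds with 76 bits, where five words at 12.9 bits come to about 64.5. The second roll is read as "one, three, three, four, one" and then repeated with six digits, and "tariff" is spelled T-A-R-I-F-F at lookup but T-A-R-I-F-S when the passphrase is entered. Suggest adding a field to the metadata block at the top of the file marking the transcript as machine-generated and unverified.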