lee/hpr-knowledge-base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ed06ba954be8f317c6c89ffd7f08eeccc83aba20
hpr-knowledge-base/hpr_transcripts/hpr1888.txt
Lee Hanken 7c8efd2228 Initial commit: HPR Knowledge Base MCP Server 
- MCP server with stdio transport for local use
- Search episodes, transcripts, hosts, and series
- 4,511 episodes with metadata and transcripts
- Data loader with in-memory JSON storage

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-26 10:54:13 +00:00

150 lines
8.4 KiB
Plaintext
Raw Blame History

Episode: 1888
Title: HPR1888: Diceware Passphrase
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr1888/hpr1888.mp3
Transcribed: 2025-10-18 10:49:21
---
This is HPR Episode 1888 entitled,
Niceware Pastrain, and in part of the series,
Privacy and Security.
It is hosted by John Newhart,
and in about 13 minutes long.
The summary is,
Demonstration of using the Niceware method
of Pastrain Generation.
This episode of HPR is brought to you by
an honesthost.com.
Get 15% discount on all shared hosting
with the offer code,
HPR15, that's HPR15.
Better web hosting that's honest and fair,
at An Honesthost.com.
Hello, and welcome to another edition of Hacker Public Radio.
My name is John Newhart,
and today I wanted to talk to you a little bit about past phrases.
So we are all told that we should be very diligent
about creating past phrases that are non-deterministic,
or that we can remember easily.
The classic example is the XKCD cartoon
of correct horse battery staple,
just choosing five words or four words at random.
And that is a pretty good way to remember a past phrase,
and have it not be a known sentence or phrase,
which has shown to be less than ideally chosen for the fact
that algorithms can now put together predictable sets of words.
They know how English clauses go together,
so if it can detect that this noun and this verb go together,
it can pretty much predict what other,
or shorten the list of available words
that it could put together to finish that past phrase.
So I came across this technique a little while ago
that I hadn't heard about before, called diceware.
So this is a method of choosing a past phrase that was developed
by Arnold Reinhold,
and the process is choosing
X number of words at random,
but in order to make sure they are truly random,
you use dice to choose a number out of a list of words
that are pre-generated,
but Mr. Reinhold has a list of these words on his website,
and world.std.com tilde Reinhold slash diceware.html.
And the process is pretty straightforward,
so you take five dice,
and you roll them,
or you can take one die and roll it five times,
and that will give you a five-digit integer,
which you can then use to look up in this list of words
to find the appropriate word that that maps to.
So you can choose the number of words that you wish to have in your past phrase
in accordance with the amount of entropy that you would like.
So people smarter than me have determined that the math associated with this,
that each word generated by a diceware gives you 12.9 bits of entropy.
The current recommendation is six words,
which gives you approximately 76 bits of entropy.
And according to distributed.net as of about 2011,
given the computational power available at that time,
it would take roughly 124 years to crack a past phrase of 76 bits of entropy.
So I'm going to walk through the process of generating a diceware past phrase,
and then illustrate the commands needed to take your current GPG key,
and update that past phrase to the one determined by the diceware process.
So I have with me, I have five dies, and a cup.
So I'll put those in there, I'll shake them around.
I'm going to dump them out.
And that gives me five numbers that I'll put together here.
So that is five, six, four, six, one.
And if I go to Mr. Reinhold's word list,
and find that word, five, six, four, six, one,
that gives me the word tariff, T-A-R-I-F-F.
And then I simply repeat the process.
That gives me five more numbers.
Which are one, three, three, four, one.
And again, if I go to the list,
four, one, three, three, four, one,
that gives me the word barns, B-A-R-N-E-S.
So I do that again, and this time I get the number
two, five, four, three, one.
And again, if I search for that number, two, five,
four, three, one, in the word list,
that gives me the word field, F-I-E-L-D.
So let's get this process again.
And now I have the number four, six, three, four, six.
And we go back to the list, four, six, three, four, six.
And that gives me the word press, P-R-E-S-S.
I'll do one last word here.
And the roll of the dice gives us one, three, one, five, four.
And on the list, number one, three, one, five, four,
is the word A-Z as.
So that gives us a five word pass phrase, which with 76 bits of entropy,
all lower case. So we could choose to upper case one of these words
to make that more, to give us a wider character space.
So let's choose to capitalize field.
And we can also add a little bit more entropy by randomly replacing one of the characters with a
special character or a numeral. So there are instructions on how to do this on the
the die square web page. And basically, we roll the dice again.
Only need four this time.
So we'll roll the dice and the way this works is the first number, which in my case is three.
We'll tell us what word to change. So that brings me down to field.
Five would tell me what character in that word to change.
So one, two, three, four, five would be the last word or the last letter in field, which
would be the D. And then there's a table on the website. So the third roll is the row.
And the fourth number is the column.
Or I'm sorry, backwards. The third number is the column and the fourth number is the row.
So on this table, I have three for my column and four for my row, which gives me the
character of a double quote. So I would replace the D in field with a double quote.
But so now my passphrase is tariff, barns, field with a capital F and a double quote replacing
the D press and AZ. So most charmingly, according to the website, the process here is
write this down on a piece of paper. Make sure you're doing it on a hard surface.
So the data that you're transcribing doesn't, isn't captured on the substrate or
that you're pressing against. And then you should memorize this information and then burn
the paper and destroy the ashes. Okay. So we're going to update our GPG passphrase with the command
GPG dash dash edit key, edit, edit dash key. And then the email identifier of our key. So in my
case, I'm using Elvis at example.com, a little test key here. And that will bring me to the GPG
prompt. So now I would enter the command password, P-A-S-S-W-D. And in order to make this change,
I need to enter the current passphrase for the key. And now that I have entered the correct
current passphrase, I can now enter the new passphrase for the secret key. So I'll go ahead
and enter my new passphrase, T-A-R-I-F-S-B-A-R-N-E-S, space capital F, I-E-L,
double quote, space P-R-E-S-S, space A-Z. And then I just repeat. T-A-R-I-F-S-S-B-A-R-N-E-S,
space capital F-I-E-L, quote, space P-R-E-S-S, space A-Z, and voila. I go ahead and type quit.
To quit the GPG session, it asks me if I want to save the changes, type yes. And presto, I have
an updated passphrase. So now I can test this out by decrypting a document. So GPG decrypt,
and then a file name. And it will ask me for the passphrase. I'll use my brand new
Dysquare Passphrase to unlock the key.
And presto, I have the key or have the contents of that file decrypted. So that's how you
generate a Dysquare Passphrase and update your GPG key. I encourage you, if you're interested
in this, to take a closer look at the Dysquare Passphrase homepage. Again, at W-O-R-L-D.STD.com.
Tilda Reinhold, that's R-E-I-N-H-O-L-D slash Dysquare.html. There's also a nice Wikipedia article on
Dysquare. It talks a little bit about the EnterSP statistics. And it's a nice way to get a randomly
generated passphrase that isn't predictable, but is yet easy enough that you could
memorize it and not have to have it stored anywhere else. So that's it for this edition of
Hacker Public Radio. I hope you found this useful and I encourage you to submit a show to
Hacker Public Radio about something you find interesting. Take care, bye-bye.
You've been listening to Hacker Public Radio at Hacker Public Radio. We are a community podcast
network that releases shows every weekday Monday through Friday. Today's show, like all our shows,
was contributed by an HBR listener like yourself. If you ever thought of recording a podcast
and click on our contributing to find out how easy it really is. Hacker Public Radio was found
by the digital dog pound and the infonomicon computer club and it's part of the binary revolution
at binrev.com. If you have comments on today's show, please email the host directly, leave a comment
on the website or record a follow-up episode yourself. Unless otherwise status, today's show is
released on the earth. Create a comments, attribution, share a light, 3.0 license.
Reference in New Issue View Git Blame Copy Permalink