You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I wrote a tool named offkey to print small secrets / cryptographic keys (for long term, non-digital storage). It takes obvious inspiration from Paperkey but does things quite a bit differently.
One of these things is encrypting the secrets with age and asking the user to write down a randomly generated passphrase on the printout (by hand). Since printers are generally not expected to keep transport / transient data about their prints safe against malicious interference this makes the security of the process easier to reason about.
Since recovery of the secret (after scanning the QR code and thus getting back the age armored secret) is "just" using plain age, I used exactly the same passphrase generation algorithm (and by "used" I mean, I copied it verbatim).
Now the question: is making passphrase-based applications that recover via age a use case that might warrant to either a) make randomWord public or b) moving into it's own mini library?.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
I wrote a tool named offkey to print small secrets / cryptographic keys (for long term, non-digital storage). It takes obvious inspiration from Paperkey but does things quite a bit differently.
One of these things is encrypting the secrets with
ageand asking the user to write down a randomly generated passphrase on the printout (by hand). Since printers are generally not expected to keep transport / transient data about their prints safe against malicious interference this makes the security of the process easier to reason about.Since recovery of the secret (after scanning the QR code and thus getting back the
agearmored secret) is "just" using plainage, I used exactly the same passphrase generation algorithm (and by "used" I mean, I copied it verbatim).Now the question: is making passphrase-based applications that recover via
agea use case that might warrant to either a) make randomWord public or b) moving into it's own mini library?.If yes to either I could support with a PR.
Beta Was this translation helpful? Give feedback.
All reactions