half-baked idea for a strong passphrase
Open source disk encryption with strong security for the Paranoid
Brought to you by:
idrassi
Menu
▾
▴
This idea I've had is probably nonsense, but I thought I would present it here for critique and/or improvements. Forgive the long-windedness!
I used to live in hurricane country, now I live in tornado & wildfire country. So I am mindful of critical data backups that can be recovered/restored after house and auto are lost.
Since it is not a good idea to keep personal data at work, due to my workplace, one option that remains is free cloud storage. OneDrive, DropBox, Google Drive, etc. Free (up to a point), available anywhere on planet Earth, etc. But I assume any and all data files stored with a cloud provider will be compromised sooner or later.
I have enormous faith in VeraCrypt's robustness, but a hacker who steals my container file from the cloud could spend a ton of (stolen) CPU cycles trying passwords. So I wanted to come up with a password scheme that will defeat serious brute force, dictionary, and hybrid attacks. Here is my idea...
begin with a simple seed-phrase;
"redherring"
input that seed-phrase into an MD5 hash calculator, outputting 32 hex characters.
concatenate that 32-hex string with itself, resulting in 64 characters.
replace some characters with a favorite pattern; for example, replace the first 3 and last 3 characters with the = character.
that is your VeraCrypt passphrase!
create a VC container file, load it with critical personal data, unmount and upload to cloud provider.
so lets walk through the Day After Doomsday scenario.
house & car get wiped out. I escape to a friend's or relative's house.
I download my VC container file to local disk.
I download portable VC to disk.
I open up Windows Notepad
I type in my seed-phrase "redherring"
I websurf to an online MD5 calculator and enter my seed-phrase
I copy/paste the MD5 hash value to Notepad, and concatenate it with itself
I edit the 64-character string with my favorite pattern
I copy/paste the 64-character passphrase into the portable VeraCrypt mount dialog box.
now I have local access to all my critical data.
Flawed? Strong but over-the-top? What do you think?
Regarding using cloud storage for file containers, read the link below for cavets.
https://www.veracrypt.fr/en/How%20to%20Back%20Up%20Securely.html
handling data, you have different goals: Confidentiality, Integrity, and Availability.
You are risking Availability here. People forget passwords or passphrase derivation schemes regulary.
The key here is: "I escape to a friend's or relative's house."
So here is the scheme i recommend in your circumstances:
1.) use a keyfile + phrase
2.) Look up notarys in your country which publish their gpg-public-key
3.) write (but not send) a nice email to them:
"Dear Mrs. ${Notary},
upon receiving this Email please provide me, ${JonDoe}, with the data below.
Fees are paid "as and when" that data is provided.
keyfile attached.
storage location=${URL},
storage password=${phraseA},
encryption passphrase=${phraseB}"
4.) encrypt that message, so that any of your selected notarys will be able to read it.
5.) store the encrypted message to a file and spread it among your friends and relatives.
by this you map your problem to the structures which evolved over centuries and seem to work.
as notarys may loose their keys as well, the procedures above build on several redundant notarys.
Last edit: Anonymous 2019-03-15