On forgetting passphrases

01.01.2014 19:57

If you're using encryption to protect your mail and personal files you might find this lesson useful. This goes double if you are (like me) trying religiously to avoid any holes or bit rot in your personal project archive. The gist of it is that you will sooner or later forget a password or a passphrase that you are not actively using.

Consider the case of replacing your expired GPG key. If you forget the passphrase of the expired key, you lose access to all the mail that was encrypted to it. It seems obvious in hindsight, but I only realized it when, after a few months of disuse, I found I could no longer recall the old passphrase. I had to say goodbye to an (admittedly small) part of my mail archive.

On a similar note, an encrypted home directory on an old computer will soon be a bag of random bits after you switch to a new machine and change your user password. Forgetting an old password used to be easy to circumvent (with init=/bin/bash and other venerable tricks); with encryption it is impossible unless you can recall the keyboard sequence from muscle memory. I thoroughly clean out old hardware that leaves my hands. However, if a laptop just ends up sitting in a drawer somewhere, I'm usually sloppy enough that I later need to lift some old project files from the disused drive.

It's easy to avoid this problem once you know it exists. You can write the old GPG passphrase down somewhere, or even remove it from the old secret key, depending on how concerned you are about the content of old mail. Or you can keep the passphrases of old keys in sync with the new key. And move the files you want to retain off old hardware; that saves them from stuck disk bearings as well.
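A small check for the first of these points, added here and not part of the original post: list the expired secret keys still in your keyring, so you know which old passphrases you must still be able to recall (or remove). It parses the machine-readable `gpg --with-colons` listing; the key IDs, fingerprints and user IDs in the embedded sample are constructed.

```python
import subprocess
from datetime import datetime, timezone

# Constructed sample of `gpg --list-secret-keys --with-colons` output.
# Field 2 of a "sec" record is the validity ('e' = expired), field 5 the
# key ID, field 7 the expiry as epoch seconds; field 10 of "uid" is the user ID.
SAMPLE_LISTING = """\
sec:e:4096:1:0123456789ABCDEF:1356998400:1388534400::u:::scESC:::+:::23::0:
fpr:::::::::AAAA0123456789ABCDEF0123456789ABCDEF0123:
uid:e::::1356998400::DEADBEEF::Old Me <me@example.org>::::::::::0:
sec:u:4096:1:FEDCBA9876543210:1388534400:1420070400::u:::scESC:::+:::23::0:
fpr:::::::::BBBB0123456789ABCDEF0123456789ABCDEF4567:
uid:u::::1388534400::CAFEBABE::New Me <me@example.org>::::::::::0:
"""


def expired_secret_keys(listing):
    """Return (keyid, expiry-date, uid) for every expired secret key in a
    colon-format listing. Mail encrypted to these keys is unreadable
    without their passphrases, even though you no longer use them."""
    found = []
    current = None
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "sec":
            current = None
            if f[1] == "e":
                expiry = datetime.fromtimestamp(int(f[6]), tz=timezone.utc)
                current = {"keyid": f[4], "expiry": expiry.date().isoformat(), "uid": ""}
                found.append(current)
        elif f[0] == "uid" and current is not None and not current["uid"]:
            current["uid"] = f[9]  # first user ID of the expired key
    return [(k["keyid"], k["expiry"], k["uid"]) for k in found]


def main():
    # Live run against your own keyring (needs gpg on PATH).
    out = subprocess.run(["gpg", "--batch", "--with-colons", "--list-secret-keys"],
                         capture_output=True, text=True, check=True).stdout
    for keyid, expiry, uid in expired_secret_keys(out):
        print(f"{keyid} expired {expiry} ({uid}): do you still know its passphrase?")


if __name__ == "__main__":
    main()
```

Run it once in a while; any key it lists is one whose passphrase you should either verify you still remember, write down, or strip from the key.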

It is harder to forget a password if you rely on something other than muscle memory. Let's say you have the password 1bfejotm3tiar, which is an acronym for "one big fat elephant jumped over the moon three times in a row". But when you use the password daily, you quickly start relying on muscle memory, which is much faster. You never think of the sentence again and forget it with time (you still know there is some elephant jumping, but the details are gone). Some time after you change the password, the mechanical memory is lost too and you are left with nothing. Much worse, you might also forget the password while it's still current, though in that case you will probably remember it some other time.

The solution is to stop once in a while and think about your mnemonic sentence before typing the password. This way, you will remember it much longer. Of course this doesn't really solve the problem, it just postpones it. :)

