simple, secret, algorithm implications when communicating with yourself?



OK, I understand why it is bad, if Alice and Bob want to communicate, to
depend on keeping their algorithms secret in order to maintain security.

But how about where Alice is only talking to herself? Here's the situation.
Alice has an important file, encrypted with her gpg public key. She has a
good pass phrase protecting her private key: it's got lower case and upper
case letters, digits, punctuation, and is long enough to be safe from brute
force. She's firmly memorized it, but wants some way to recover if,
somehow, she happens to forget it.

Let's call this pass phrase KEY1.

So, suppose Alice were to do this. She logs in on her Linux box. She opens
her favorite editor, and enters this:

sha1sum |
sha1sum |
sha1sum |
sha1sum |
...
sha1sum

where there are 1960 lines (she was born in 1960).

She saves this to a temp file, foo. Then she types this in bash:

. foo

and types "secret", presses ENTER, and hits control-D. The output is this:

9f6b3b0aa66541e567f5273d877e7ba0c7684d04 -

Basically, her little script has taken her input, computed SHA1, output it
in a text format, computed SHA1 of that, and so on, 100 times.

Now she takes that 9f6b3b0aa66541e567f5273d877e7ba0c7684d04 and uses it as
a key to encrypt KEY1.

She then deletes foo (using a secure delete if she's using a filesystem that
supports it).

Her intent is to never need to decrypt that encrypted copy of KEY1. The
only time she will do that is if she manages to forget KEY1, then she will
fire up her text editor, type in her iterative sha1 script, run it to get
the key to decrypt KEY1, decrypt KEY1, and re-memorize it.

So, although she has picked a simple algorithm, and is keying it with a weak
key (the word "secret" and her birthyear), it seems reasonable that she CAN
keep the simple algorithm secret (assuming she really only uses it on those
very rare occasions when she forgets KEY1). Essentially, the algorithm is
part of the key here. I have no idea what the effective key size of this
is, but my guess is that it is pretty large.

Is security through obscurity actually OK in this situation?

--
--Tim Smith
.