Hector Martin

Not that it matters but you also have to post the master backup file

You gotta break into a datacenter for that one :-D (Seriously though, it's a chain of things including storage striped over several individually FDEd disks, not a single file; that's my disaster recovery master password for a cold start in case my house burns down).

76 characters? You have me beat. Most of my root passwords are UUIDs or derived from them - I figure 124 bits of /dev/urandom is enough.

Of course, since I also have SSH password login disabled, even cracking it won't do you any good unless you have local console or an SSH client certificate session to "su" from...

I never said that, and I think it's unfair to mischaracterize our discussion. What I said is that average entropy of user passwords today is somewhere around 40-50 bits. Wrapping with those passwords is ineffective against modern attacks.

You said that afterwards :-) The fact is, properly long passwords *do* provide significant cryptographic security, which is why key wrapping is still a good idea.

so you exposed your decryption key to a computer just to hash it and post a tweet! You are doing it wrong, you can encrypt backups using a public key and store the private key in a Yubikey ;)

This is an offsite disaster recovery key, it's very deliberately a very long symmetric key so I do not need to rely on physical artifacts that I might lose to use it.