[krxljzdu] password hints for encrypted data at rest

examples of encrypted data at rest:

1. master password for offline password manager
2. full disk encryption
3. encrypted private key
4. combination of a mechanical combination lock

difficulties with encrypted data at rest:

1. if the password is used frequently, there are opportunities for surveillance to discover it, or accidentally using it (out of habit) in the wrong place, thereby accidentally revealing it.  but if the password is not used frequently, you yourself might forget it.
2. probably cannot do multi factor authentication.  maybe there is a way to robustly extract a lot of entropy from something biometric, but it seems hard.  other types of second factor require an active server, not at rest, for example, a server which knows what time it is for a time-based one-time key.
3. cannot lock out after N failed password attempts; again, this would require an active server to count.

solutions:

1. attach unencrypted hints to the encrypted object.  sadly, none of the common programs for situations of encrypted data at rest (above) include such a feature.  the hint should be displayed every time, so that the user can verify that the hint is actually useful.  the hint should be attached to the encrypted object so that it cannot be separated and lost.
2. use key stretching to make it difficult, perhaps infeasible, for an attacker to brute force a password.  although many programs include such a feature, some limit it (OpenPGP / gpg: max 65 million rounds), don't really encourage its use in the program's UI, and don't incorporate the latest technologies (e.g., Argon2).

3. store the password with another person, someone who can and will legally resist authorities asking for the password (privileged communication).  hopefully someone who will also resist other forms of rubber-hose cryptanalysis.

   from an engineering standpoint, best is a system which can have multiple key slots, completely separate passwords, which can unlock the encrypted data.  then, key slots can be disabled (revoked) if trust with a person is lost, though revocation may not be possible if an attacker obtains an old backup.

4. a common situation in which a password gets forgotten is due to a major change in your life.  before the change, perhaps you used the password frequently enough to keep remembering it; after the change (moved, got a new computer), you don't use that password so forget it.  make extra effort to record passwords or add hints before or immediately after major changes in your life.