Ask HN: What do you think about punctuation- and case-insensitive passphrases?
1 point by donbass_ananas on Oct 24, 2017
Imagine that you have a very valuable passphrase which you use once every few months and you want to avoid backups, because you're a bit paranoid.

It's super hard to remember typical passwords like "K35e^es$EF". And it's a lot of hard work to memorize sequences of random words like "horse battery staple correct".

What's a lot easier to remember is a unique freestyle sentence which you composed by yourself. Like this: "Let's encrypt end to end, PGP is my friend".

Now, when you try to recall it 3 months after last use... Was it two sentences separated by a dot? Or maybe there was a comma? Maybe no punctuation at all?.. Did it start with a capital or small "L"?.. Was there a dot at the end?..

So I'm writing software which will make use of such passphrases. It will run a passphrase through a KDF (scrypt) and use the output to create a PGP or Bitcoin private key. Yes, it's aimed only at users who can estimate the entropy of their input. I'm going to preprocess the passphrase: lowercase it and remove the most common punctuation like [,.!?:;-]. This way, it'll eliminate the most common errors introduced by the user's verbal memory, without losing too much entropy.

This all seems self-evident to me, but for some reason I've never heard of punctuation-insensitive password KDFs/hashes. There is the case-insensitive LM hash, but that must be only due to legacy software limitations. So maybe there is something deeply wrong with my approach, but I just don't notice it?
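The preprocessing the post describes (lowercase, strip [,.!?:;-], then scrypt), as an added example that is not the poster's own code. It assumes a fixed application salt (there is nothing to store a random one in if backups are avoided) and additionally collapses runs of whitespace, which the post does not mention; apostrophes and quotes are kept, since they are not in the post's list.

```python
import hashlib

# Punctuation the post proposes to strip before key derivation: [,.!?:;-]
PUNCTUATION = ",.!?:;-"

# Assumed application-specific salt (constructed placeholder). With no backups
# there is nowhere to keep a random salt, so it must be a fixed public constant,
# which means the same passphrase always yields the same key for every user.
APP_SALT = b"example-passphrase-kdf-v1"


def normalize(passphrase: str) -> str:
    """Lowercase and drop the listed punctuation, as the post describes.
    Whitespace is also collapsed to single spaces (an addition here), so
    'end  to end' and 'end to end' agree. Apostrophes stay, so "let's" and
    "lets" still derive different keys."""
    lowered = passphrase.lower()
    stripped = "".join(ch for ch in lowered if ch not in PUNCTUATION)
    return " ".join(stripped.split())


def derive_key(passphrase: str, dklen: int = 32) -> bytes:
    """scrypt the normalized passphrase into dklen bytes of key material.
    n=2**14, r=8, p=1 costs about 16 MiB of memory per derivation."""
    return hashlib.scrypt(normalize(passphrase).encode("utf-8"),
                          salt=APP_SALT, n=2 ** 14, r=8, p=1, dklen=dklen)


# Constructed variants of the post's sample sentence, as a user might misremember it.
VARIANTS = [
    "Let's encrypt end to end, PGP is my friend",
    "let's encrypt end to end. PGP is my friend.",
    "Let's encrypt end to end; PGP is my friend!",
    "Let's  encrypt end to end PGP is my friend",
]


def all_variants_agree() -> bool:
    """True when every misremembered variant derives the identical key."""
    return len({derive_key(v) for v in VARIANTS}) == 1


if __name__ == "__main__":
    for v in VARIANTS:
        print(repr(v), "->", repr(normalize(v)))
    print("same key for all variants:", all_variants_agree())
    print("key:", derive_key(VARIANTS[0]).hex())
```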