Secret key storage question
Gordon Worley
redbird at rbisland.cx
Tue Jun 18 17:20:01 CEST 2002
When secret keys are stored in GnuPG, how much does the passphrase
protect them?
I'm trying to figure out a couple of things. For example, if the
passphrase is being used to keep the secret keys unreadable, then am I
correct in thinking that your passphrase should be the same length as
the key it's protecting so that a brute force attack on either would
take just as long? Also, if not, is the passphrase just a way of making
sure the user really wants to do something (like sign a document) and
didn't accidently sign something that they shouldn't have? And that a
friendly person who the key's owner trust doesn't `accidently' sign
something for the key's owner (in other words a party that wouldn't
steal the key, but might make unauthorized use of it)?
--
Gordon Worley - Mac GPG Project
http://macgpg.sourceforge.net/ ``Doveriai no proveriai.''
redbird at rbisland.cx --Russian proverb
PGP: 0xBBD3B003
More information about the Gnupg-devel
mailing list