A last word on --passphrase-fd

Chuck Robey chuckr@picnic.mat.net
Fri, 21 Jan 2000 15:11:45 -0500 (EST)

On 21 Jan 2000, ESP wrote:

> >>>>> "CR" == Chuck Robey <chuckr@picnic.mat.net> writes:
> WK> Use unprotected keys. Encrypting something and storing the key
> WK> on the same medium remembers if of DVDs :0)
> CR> Uhh. I'm not the crypto-whiz you are. I understand (I think)
> CR> the DVD story. Can you tell me why needing crypto signatures
> CR> on output of a cron job equates to the DVD story? No sarcasm
> CR> here, I really don't know.
> I think you missed the point. It's not that you don't need GPG from
> cron jobs, it's that if you -are- using GPG from cron jobs, you
> shouldn't have a passphrase on the key that's used.
> I'm not a crypto-whiz, either, but I think I can make an analogy.
> It's not any good having a great big padlock on your door if you hide
> the key under the doormat. It's a false sense of security to hide the
> key, because it's trivial to find it. So, instead, leave the key in
> the lock, and don't let people get near the door.
> Leaving the key in the lock is -better- than putting it under the mat,
> because it will make you nervous and more conscious about who you let
> near the door, and what you keep behind it.
> Does that make sense? I guess what I'm trying to say is that having
> the GPG key and the passphrase stored in the same place is essentially
> equivalent to having no passphrase at all. So, don't kid yourself and
> go to the trouble of having a passphrase.
That makes sense, yes, thanks (I didn't understand "unprotected"). I am going to use passphrases because "I was told to", but you make a good argument, I guess. I was told adding a passphrase in a fairly well hidden file would *somewhat* increase its security. Of course, if someone gets root on my machine, it's all up anyhow.
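As an added example, not from the thread or from GnuPG itself: a small POSIX sh check a defender can run over a crontab dump to find the "key under the doormat" pattern ESP describes, i.e. cron jobs that feed gpg a stored passphrase through --passphrase-fd, and to report which file that passphrase is read from. The sample crontab lines are constructed for the example.

```shell
#!/bin/sh
# Added example (not code from the original message). Scans crontab-style
# lines for gpg invocations that use --passphrase-fd, which means the
# passphrase must be stored somewhere cron can read it, on the same host
# as the key. Such a job gains nothing from the passphrase.

# Constructed sample crontab (assumed input, not from the thread).
SAMPLE_CRONTAB='0 2 * * * gpg --batch --passphrase-fd 3 --sign /var/backups/db.sql 3< /root/.gnupg/passphrase.txt
0 3 * * * gpg --batch --sign /var/backups/logs.tar
30 4 * * * gpg --batch --passphrase-fd 0 --clearsign /etc/motd < /root/pass
*/5 * * * * /usr/local/bin/rotate-logs.sh'

# Print every line that invokes gpg with "--passphrase-fd N".
# Lines without that option (e.g. a key with no passphrase) are not flagged.
flag_stored_passphrase_jobs() {
    printf '%s\n' "$1" | grep -E 'gpg[^#]*--passphrase-fd[[:space:]]+[0-9]+'
}

# Number of flagged jobs, without the padding some wc implementations add.
count_stored_passphrase_jobs() {
    n=$(flag_stored_passphrase_jobs "$1" | wc -l)
    echo "$n" | tr -d ' '
}

# For each flagged job, print the file the passphrase is redirected from
# (the target after "N<"), or "unknown" when no redirection is visible.
# These are the files whose presence next to the key makes the passphrase moot.
passphrase_files() {
    flag_stored_passphrase_jobs "$1" | while IFS= read -r line; do
        f=$(printf '%s\n' "$line" | sed -n 's/.*[0-9]*<[[:space:]]*\([^[:space:]]*\).*/\1/p')
        if [ -n "$f" ]; then echo "$f"; else echo unknown; fi
    done
}
```

Run it against `crontab -l` output (and the system crontab files) to list jobs that should instead use a dedicated, passphrase-less signing key kept readable only by the cron user.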
