Key safety vs Backup : History of a bad day (key-restoration problem)
atom at smasher.org
Sun Oct 28 11:05:55 CET 2007
On Sun, 28 Oct 2007, Sven Radde wrote:
> Atom Smasher schrieb:
>> in theory, if you're *really* using a strong pass-phrase, you can
>> publish your private key in a public place and rest secure in the
>> knowledge that no known technology can break your 100+ character
>> pass-phrase... and if a hard drive or several go up in smoke you can
>> recover a copy from google's cache ;)
> A few thoughts on this: - You could use the very long passphrase, upload
> to secret key to somewhere and then change the passphrase back to a
> shorter one for daily use.
and then inevitably forget what you used for the *really* secure 100+
character pass-phrase, because you never use it.
> - Instead of doing this, you could just take your secring.gpg, encrypt
> it using "gpg --symmetric" with a really long passphrase and publish the
but this has me thinking... why not combine the "hidden in plain sight"
part with the encrypted part using steganography... use a reasonably
strong passphrase ("reasonable" depends on the needs of the end user) for
your secret key, then hide it in a JPG and post it in a public place. if
you use `outguess` (i'm not sure about other tools) you can even require a
pass-phrase to get the data in/out of the image file, not to mention that
outguess provides a plausible deniability feature.
i know... to many people on this list steganography, like one time pads,
is more of a toy than a real crypto solution, but compared to posting a
secret key in a public (or even an insecure non-public) place i'd say it's
"better than nothing".
even with a reasonably strong pass-phrase i wouldn't want to walk around
with my secret key on a flash-drive with my physical keys, but hidden in a
JPG of family/friends/pets it would be easily overlooked if i lost
possession of the flash-drive. and if all of my drives picked the same day
to die, i'd have a recoverable copy of the secret key.
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
"They have computers, and they may have
other weapons of mass destruction."
-- Janet Reno, US Attorney General,
27 Feb 1998
More information about the Gnupg-users