A last word on --passphrase-fd

ESP evangelo@pigdog.org
21 Jan 2000 11:25:22 -0800

>>>>> "CR" == Chuck Robey <chuckr@picnic.mat.net> writes:
WK> Use unprotected keys. Encrypting something and storing the key WK> on the same medium remembers if of DVDs :0) CR> Uhh. I'm not the crypto-whiz you are. I understand (I think) CR> the DVD story. Can you tell me why needing crypto signatures CR> on output of a cron job equates to the DVD story? No sarcasm CR> here, I really don't know. I think you missed the point. It's not that you don't need GPG from cron jobs, it's that if you -are- using GPG from cron jobs, you shouldn't have a passphrase on the key that's used. I'm not a crypto-whiz, either, but I think I can make an analogy. It's not any good having a great big padlock on your door if you hide the key under the doormat. It's a false sense of security to hide the key, because it's trivial to find it. So, instead, leave the key in the lock, and don't let people get near the door. Leaving the key in the lock is -better- than putting it under the mat, because it will make you nervous and more conscious about who you let near the door, and what you keep behind it. Does that make sense? I guess what I'm trying to say is that having the GPG key and the passphrase stored in the same place is essentially equivalent to having no passphrase at all. So, don't kid yourself and go to the trouble of having a passphrase. ~ESP