NULL passphrase. Secure?
Daniel Carrera
dcarrera@math.umd.edu
Mon May 19 05:21:03 2003
--UPT3ojh+0CqEDtpF
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Hi all,
While we are on the topic of simplifying GPG for average users, I have a=20
question. For the purposes of the average user, who doesn't really have=20
much to hide and need not worry about impersonation, how bad would it be=20
to have a null passphrase?
A null passphrase means that all an attacker needs to do is obtain the=20
private key from the victim's hard drive. How difficult is that? Is it=20
difficult enough that regular users can afford to not worry about it?
Thanks.
--=20
Daniel Carrera | OpenPGP fingerprint:
Graduate TA, Math Dept | 9B32 660B 0557 7D7D 5892 0036 D591 4D05 2938 1B7E
UMD (301) 405-5137 | http://www.math.umd.edu/~dcarrera/pgp.html
--UPT3ojh+0CqEDtpF
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (SunOS)
iD8DBQE+yE3e1/ZKhTQTHLARApbYAJ40o5/j7y+k3YFKHq7yqFd/2rbZYgCgo1YU
yr4xNc+Q4zGTr9ObGGT2J9s=
=zljX
-----END PGP SIGNATURE-----
--UPT3ojh+0CqEDtpF--