NULL passphrase. Secure?
Mon May 19 05:21:03 2003
While we are on the topic of simplifying GPG for average users, I have a
question. For the purposes of the average user, who doesn't really have
much to hide and need not worry about impersonation, how bad would it be
to have a null passphrase?

A null passphrase means that all an attacker needs to do is obtain the
private key from the victim's hard drive. How difficult is that? Is it
difficult enough that regular users can afford to not worry about it?
Daniel Carrera | OpenPGP fingerprint:
Graduate TA, Math Dept | 9B32 660B 0557 7D7D 5892 0036 D591 4D05 2938 1B7E
UMD (301) 405-5137 | http://www.math.umd.edu/~dcarrera/pgp.html
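
A defensive check related to the question above, added here as an example and not part of the original message: in an OpenPGP secret-key packet, a string-to-key usage octet of 0 means the secret key material is stored unencrypted, so a binary keyring can be audited for keys that have no passphrase protection. The function names and the sample packets are constructed for illustration, and only version 4 keys in old-format, definite-length packets are assumed.

```python
import struct

# Number of MPIs in the public part of a key, by public-key algorithm ID:
# RSA (1, 2, 3) = n, e; Elgamal (16) = p, g, y; DSA (17) = p, q, g, y.
PUBLIC_MPI_COUNT = {1: 2, 2: 2, 3: 2, 16: 3, 17: 4}


def secret_key_protection(body):
    """Classify the body of a version 4 secret-key packet (tag 5 or 7)."""
    version, _created, algo = struct.unpack_from(">BIB", body, 0)
    if version != 4 or algo not in PUBLIC_MPI_COUNT:
        raise ValueError("only version 4 RSA, Elgamal and DSA keys are handled")
    pos = 6
    for _ in range(PUBLIC_MPI_COUNT[algo]):  # skip the public-key MPIs
        (bits,) = struct.unpack_from(">H", body, pos)
        pos += 2 + (bits + 7) // 8
    # The next octet is the string-to-key usage: 0 means the secret
    # MPIs that follow are stored in the clear.
    return "unprotected" if body[pos] == 0 else "protected"


def audit_keyring(data):
    """Return (tag, verdict) for every secret key and subkey packet in data."""
    pos, results = 0, []
    while pos < len(data):
        header = data[pos]
        if header & 0xC0 != 0x80 or header & 0x03 == 3:
            raise ValueError("only old-format, definite-length packets are handled")
        tag = (header >> 2) & 0x0F
        len_size = 1 << (header & 0x03)  # 1, 2 or 4 length octets
        length = int.from_bytes(data[pos + 1:pos + 1 + len_size], "big")
        body_start = pos + 1 + len_size
        if tag in (5, 7):  # secret key, secret subkey
            body = data[body_start:body_start + length]
            results.append((tag, secret_key_protection(body)))
        pos = body_start + length
    return results


def constructed_key(usage_octet):
    """Constructed sample: a tag 5 packet with toy RSA MPIs, no real key material."""
    public = struct.pack(">BIB", 4, 0, 1) + b"\x00\x08\xc1" + b"\x00\x02\x03"
    body = public + bytes([usage_octet]) + b"\x00" * 8
    return bytes([0x94, len(body)]) + body


if __name__ == "__main__":
    print(audit_keyring(constructed_key(254) + constructed_key(0)))
```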