Passphrase Encoding and Entropy

[Werner Koch]

Hi!

Please don't forget that the passphrase is only used to protect the
secret key.  It is a last resort protection mechanism.  If someone was
able to get your secret key you are better off to revoke the key and
consider it compromised.  The passphrase gives you some time to get
the word (i.e. the revocation) spread.  Don't rely on the passphrase.

There is one exception:  When using the -c mode, only the passphrases
protects the data and in nthis case you should really make sure that
it is a good passphrase.


Salam-Shalom,

   Werner