Don't store your key on a flash drive!

vedaal at hush.com vedaal at hush.com
Mon Aug 21 20:11:16 CEST 2006


>Date: Sat, 19 Aug 2006 21:17:58 -0400
>From: David Shaw <dshaw at jabberwocky.com>
>Subject: Re: Don't store your key on a flash drive! [was Re: GnuPG
>	(GPG)	Problem]

[...]

>> there's nothing inherently dumb about putting a private key on a 

>USB
>> dongle as long as the passphrase is sufficiently strong.
>
>This is quite correct and frequently misunderstood.  After all, 
>the
>secret key encryption is essentially the same symmetric encryption
>that is used to encrypt messages.  If you're trusting it to 
>protect
>your messages, you probably should trust it to protect your key as
>well.


if the secret key was generated before the fix of the 
* quick-check * problem of PGP symmetric encryption,
http://eprint.iacr.org/2005/033

then does the passphrase need to be changed with a newer version of 
gnupg,
or did this only apply to symmetric encryption of messages,
and not symmetric encryption of the secret key?

TIA,

vedaal



Concerned about your privacy? Instantly send FREE secure email, no account required
http://www.hushmail.com/send?l=480

Get the best prices on SSL certificates from Hushmail
https://www.hushssl.com?l=485




More information about the Gnupg-users mailing list