patrick.plattes at gmx.de
Thu Jan 5 07:39:35 CET 2006
Atom Smasher wrote:
> has anyone given any thought to what would be the difference between
> carefully and carelessly making hard-copy backups of secret keys?
> i mean, it would be stupid to print a copy of one's secret key (with a
> weak passphrase) and leave it lying on a table next to a window. OTOH,
> a printed copy of a secret key (with a strong passphrase) would
> probably be "secure" in a 10 ton safe.
> so how strong should a passphrase be when printing out a secret key in
> the first place? what are the pros/cons of hiding versus securing a
> hard-copy? what other factors should be considered?
i think you are mixing up two different things. on the one hand you have
the problem of security of your data, e.g. no one should read your
mails, etc. on the other hand you have the problem of data recovery.
for security you are using a very good gnupg setup.
for data recovery you really need a copy of your keys. paper is one of
the most robust media to back up data (the egyptians know a more robust
medium, but the usual computer user is not able to use a hammer and a
chisel ;) ). i think you should take your paper (or flagstone), put it
into a sealed envelope, and give it to your local bank. the german bsi has
written a book called it-grundschutzhandbuch. imho there is also an
english version available. maybe you want to read this.
> bear in mind, these are philosophical questions with philosophical
> answers... i'm not looking for absolutes.
> btw, if anyone prints out their secret key for backup, here's a few
> lines of shell code that will print a (non-cryptographic) checksum for
> each line. this way if you have to recover your key from hard-copy,
> it's *much* easier to find mistakes. an example of the output looks
> like this (indented):
> -----BEGIN PGP PUBLIC KEY BLOCK----- 3675205589 37
> 3515105045 1
> 2185591463 65
> 3919870367 65
> 1339170163 65
i know this little trick from the c64. there was a program called mse :)
have a nice day,
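
The per-line checksum idea from the quoted message, as an added example that is not part of the original thread and not Atom Smasher's own script. It assumes POSIX `cksum`, whose CRC and byte-count columns have the same shape as the sample output above; the function names and the armor block are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-line checksums for a printed ASCII-armored key backup.
# Assumption: POSIX cksum (CRC + byte count). A CRC finds typing and OCR
# mistakes; it is not cryptographic and says nothing about tampering.

# Print every line of the file in $1 followed by that line's CRC and length.
checksum_sheet() {
    while IFS= read -r line || [ -n "$line" ]; do
        sum=$(printf '%s\n' "$line" | cksum)
        printf '%s %s\n' "$line" "$sum"
    done < "$1"
}

# Check a retyped sheet in $1. Prints the number of each line whose text no
# longer matches its recorded checksum; returns non-zero if any line is bad.
verify_sheet() {
    n=0 bad=0
    while IFS= read -r rec || [ -n "$rec" ]; do
        n=$((n + 1))
        len=${rec##* }; rest=${rec% *}     # last field: byte count
        crc=${rest##* }; text=${rest% *}   # next field: CRC, remainder: text
        # A blank key line retyped without its leading space has no text part.
        [ "$rest" = "$crc" ] && text=
        if [ "$(printf '%s\n' "$text" | cksum)" != "$crc $len" ]; then
            printf '%s\n' "$n"
            bad=1
        fi
    done < "$1"
    [ "$bad" -eq 0 ]
}

# Constructed sample (not a real key): armor header, blank line, body, footer.
sample=$(mktemp)
printf '%s\n' '-----BEGIN PGP PUBLIC KEY BLOCK-----' '' \
    'Q09OU1RSVUNURUQgU0FNUExFIE5PVCBBIFJFQUwgS0VZ' '=AbCd' \
    '-----END PGP PUBLIC KEY BLOCK-----' > "$sample"

# Sheet to print alongside the key; after retyping, run verify_sheet on it.
checksum_sheet "$sample"
```

Because the checksum covers one line at a time, a mismatch points to the exact line that was mistyped instead of only showing that the whole key fails to import.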