hard-copy backups
Janusz A. Urbanowicz
alex at bofh.net.pl
Thu Jan 5 16:05:55 CET 2006
On Thu, Jan 05, 2006 at 12:21:00AM -0500, Atom Smasher wrote:
> has anyone given any thought to what would be the difference between
> carefully and carelessly making hard-copy backups of secret keys?
>
> i mean, it would be stupid to print a copy of ones secret key (with a weak
> passphrase) and leave it lying on a table next to a window. OTOH, a
> printed copy of a secret key (with a strong passphrase) would probably be
> "secure" in a 10 ton safe.
>
> so how strong should a passphrase be when printing out a secret key in the
> first place? what are the pros/cons of hiding versus securing a hard-copy?
> what other factors should be considered?
>
> bear in mind, these are philosophical questions with philosophical
> answers... i'm not looking for absolutes.
from my experience, all keys for long-term, _safe storage_ (and after
revocation) should be kept with no passphases at all
human memory is very volatile and some day you gonna need to decrypt an old
email encrypted with the key you revoked in 1993[1], and there's is no way
you'll remember the old, long time not used, non-trivial passphrase
alex
[1] Thats actual thing that happened to me two weeks ago.
--
mors ab alto
0x46399138
More information about the Gnupg-users
mailing list