Lost passphrase

Henry Hertz Hobbit hhhobbit at securemecca.net
Wed Apr 18 06:14:00 CEST 2007


Thomas Sowa <groups at sowa.cc> wrote:

<SNIP>

I have read what everybody has said on the subject and one
thing needs to be said again.  THE DEFAULT EXPIRY FOR A NEW
KEY NEEDS TO BE TWO YEARS FROM THE DATE OF KEY CREATION!
If they want to change it after they have used them for a
while and like what they have, then they can extend the
TTL for a greater period of time.

I was going to go into detail on why but rather than doing
that, Thomas, wouldn't you like your first key to eventually
die (even though it looks like it was created less than
four months ago)?  Don't the rest of you want the same?

I DO!

Most of the people that are in this situation will have lost
their passphrase and will not have used their keys for 1-2
years. With luck it will be over two years, and the old keys
will have already gracefully expired and died.  It seems like
geniuses (excuse me for not being in that category) would
see this.

For that matter, I think the pressure to shove their keys
on to key-servers immediately just needs to be dropped.
I finally caved in and put my keys on the key-servers even
though my keys are obviously tied to a nom-de-guerre and
therefore are NOT part of the WOT.  BUT THEY HAVE A TTL OF
LESS THAN ONE YEAR NOW!  When they die, they die, and I
will generate a new set of keys, just like Johannes
Ullrich (SANS) and others do.  His time span is a year though.
My new keys will also have a TTL, and it won't be infinity!
Increasing computing power alone has made such things as
DES almost laughable now.  Keys shouldn't be made with the
idea that they can last forever.

I don't blame Thomas.  People make mistakes.  A system that
doesn't take that into account needs to make some changes
to minimize the impact of a mistake.

HHH
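The practical check behind this message is "does every key in my keyring actually have an expiry, and is it about to lapse?". The script below is an added example for this archive page; it is not part of the original post and not GnuPG's own code. It parses the machine-readable output of `gpg --list-keys --with-colons` (field positions as documented in GnuPG's doc/DETAILS: field 5 key ID, field 6 creation time, field 7 expiry time, both in seconds since the epoch, empty expiry meaning "never") and flags keys that never expire, have already expired, or expire within 30 days. The embedded listing is constructed sample data with made-up key IDs and fingerprints. The two-year default and the `gpg --quick-set-expire <fingerprint> 2y` / `gpg --quick-generate-key ... 2y` commands it suggests assume GnuPG 2.1 or later.

```python
"""Audit a GnuPG keyring listing for keys without a TTL or about to lapse.

Usage:  gpg --list-keys --with-colons | python3 audit_expiry.py
Run with no stdin to audit the constructed SAMPLE_LISTING below.
"""
import sys
import time
from datetime import datetime, timezone

# Lifetime the thread argues a fresh key should get by default: two years.
DEFAULT_LIFETIME_SECONDS = 2 * 365 * 86400
# Keys lapsing within this window should be extended (or replaced) now.
RENEW_WINDOW_SECONDS = 30 * 86400

# Constructed sample of `gpg --list-keys --with-colons` output. Key IDs and
# fingerprints are made up. Epoch times: 1700000000 = 2023-11-14,
# 1763072000 = exactly two years later, 1500000000 = 2017-07-14.
SAMPLE_LISTING = """\
tru::1:1700000000:0:3:1:5
pub:u:4096:1:AAAAAAAAAAAAAAAA:1700000000::u:::scESC::::::23::0:
fpr:::::::::0000000000000000000000000000000000000001:
uid:u::::1700000000::0000000000000000000000000000000000000001::No Expiry <noexpiry@example.invalid>::::::::::0:
sub:u:4096:1:BBBBBBBBBBBBBBBB:1700000000::::::e::::::23:
fpr:::::::::0000000000000000000000000000000000000011:
pub:u:4096:1:CCCCCCCCCCCCCCCC:1700000000:1763072000::u:::scESC::::::23::0:
fpr:::::::::0000000000000000000000000000000000000002:
uid:u::::1700000000::0000000000000000000000000000000000000002::Two Years <2y@example.invalid>::::::::::0:
pub:e:4096:1:DDDDDDDDDDDDDDDD:1500000000:1560000000::u:::scESC::::::23::0:
fpr:::::::::0000000000000000000000000000000000000003:
uid:e::::1500000000::0000000000000000000000000000000000000003::Expired <old@example.invalid>::::::::::0:
pub:u:4096:1:EEEEEEEEEEEEEEEE:1640995200:1705000000::u:::scESC::::::23::0:
fpr:::::::::0000000000000000000000000000000000000004:
uid:u::::1640995200::0000000000000000000000000000000000000004::Soon <soon@example.invalid>::::::::::0:
"""


def parse_listing(text):
    """Turn colon-format output into a list of primary-key records.

    Only `pub` lines are tracked; the first `fpr` and first `uid` line that
    follow each `pub` are attached to it (subkey `fpr` lines come after the
    primary's own, so they never overwrite it).
    """
    keys = []
    for line in text.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            keys.append({
                "keyid": f[4],
                "created": int(f[5]),
                "expires": int(f[6]) if f[6] else None,  # None = never
                "fpr": None,
                "uid": None,
            })
        elif f[0] == "fpr" and keys and keys[-1]["fpr"] is None:
            keys[-1]["fpr"] = f[9]
        elif f[0] == "uid" and keys and keys[-1]["uid"] is None:
            keys[-1]["uid"] = f[9]
    return keys


def classify(key, now_ts):
    """Return 'no-expiry', 'expired', 'expiring-soon' or 'ok' for one key."""
    exp = key["expires"]
    if exp is None:
        return "no-expiry"
    if exp <= now_ts:
        return "expired"
    if exp - now_ts <= RENEW_WINDOW_SECONDS:
        return "expiring-soon"
    return "ok"


def audit(text, now_ts):
    """Classify every primary key in the listing: {key id: status}."""
    return {k["keyid"]: classify(k, now_ts) for k in parse_listing(text)}


def remediation(key):
    """Command that gives a key a finite TTL (or extends one about to lapse).

    `--quick-set-expire` takes the primary key fingerprint and a relative
    time such as '2y' (GnuPG 2.1+). Replacing an expired key instead uses
    `gpg --quick-generate-key 'Name <addr>' default default 2y`.
    """
    years = DEFAULT_LIFETIME_SECONDS // (365 * 86400)
    return f"gpg --quick-set-expire {key['fpr']} {years}y"


def _fmt(ts):
    return "never" if ts is None else datetime.fromtimestamp(ts, timezone.utc).date().isoformat()


if __name__ == "__main__":
    listing = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LISTING
    now = int(time.time())
    for key in parse_listing(listing):
        status = classify(key, now)
        print(f"{key['keyid']}  expires {_fmt(key['expires']):<10}  {status:<14}  {key['uid']}")
        if status in ("no-expiry", "expiring-soon"):
            print(f"    fix: {remediation(key)}")
```

Keys reported as "expired" do not need the fix line: the thread's point is that an expired key of a lost passphrase has already done the right thing by dying, and the owner generates a fresh one with a finite expiry.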
