Connecticut DSS Requirements for Electronic Signatures

Werner Koch wk at
Wed Jan 3 09:22:15 CET 2007

On Wed,  3 Jan 2007 05:28, vince at said:

> It has been proved over and over that changing passwords often is bad.  The
> reason you ask?  People write them down.  Just like the people that put a
> post-it on the back of a debit card with the PIN.

With passphrases used to protect private keys there is another
argument against the requirement to change a passphrase: the
passphrase is designed as a fail-stop measure in case the private key
ever leaks out.  Now, if the private key has actually leaked, changing
the passphrase won't help, because breaking the old passphrase would
reveal the same private key.

Even worse, if an attacker has access to (say) regular backups of the
protected private key, a scheduled passphrase change will make it
easier for him to break that protection.  The chance that a dictionary
attack succeeds gets better if there are more attack targets
ultimately revealing the very same private key.
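The probability argument in the message above, written out as an added illustration (not part of Werner's post); it assumes the attacker holds $n$ encrypted copies of the same private key, that copy $i$ is protected by a passphrase the attacker's dictionary covers with probability $p_i$, and that the guesses against different copies succeed independently:

$$
\Pr[\text{key recovered}] \;=\; 1 - \prod_{i=1}^{n} (1 - p_i)
\;\ge\; \max_{i} p_i ,
$$

so every additional copy of the key under a different passphrase can only raise the attacker's odds, never lower them. In particular, if copy $1$ is the old backup that the attacker already has, the rotated passphrase on copy $2$ leaves $\Pr[\text{key recovered}] \ge p_1$: the change cannot undo the exposure of the old copy. With equal per-copy probabilities $p$ this becomes

$$
1 - (1-p)^n \;\approx\; n p \quad \text{for small } p ,
$$

which is the sense in which more attack targets make a dictionary attack more likely to succeed.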
