why we need passphrase
Afzal, Naeem M
naeem.m.afzal at intel.com
Sun Jun 29 00:13:04 CEST 2008
How can I remove this restriction where I don't have to provide passphrase and public key itself is good enough?
>From: gnupg-users-bounces at gnupg.org [mailto:gnupg-users-bounces at gnupg.org]
>On Behalf Of Faramir
>Sent: Saturday, June 28, 2008 11:08 AM
>To: gnupg-users at gnupg.org
>Subject: Re: why we need passphrase
> Because the key itself is protected by a passphrase. You CAN remove
>that protection, and you can even generate keys without passphrase.. but
>the idea is, if you have to go to the bathroom, and someone else tries
>to read your messages, or steal your key... the thief won't have much
>luck, since if the passphrase is strong, he wont be able to activate the
>key... unless the thief is lucky enough to "guess" the passphrase
>hitting the keyboard randomly...
> A good passphrase would make bruteforce attack infeasible, it won't be
>in any dictionary (so dictionary attacks won't work)... so, if you
>remove the passphrase, you'll want to take extra measures to avoid
>problems... but maybe you know nobody is going to touch your computer...
More information about the Gnupg-users