Backup of private key
Matt
yaverot at nerdshack.com
Sat Nov 28 05:59:36 CET 2009
Robert J. Hansen wrote:
> If you are sure that no one will ever guess your passphrase, then you
> could safely publish your private key in the _New York Times_. That
> would be a really extreme case, but you could do it.
But what if you publish it in a paper people actually _read_? :)
While I understand the intent of the statement, and been wanting to
question it for some time (about 3 months). I do believe it to the
limits of my understanding of modern cryptography. But I want to make
sure I'm not missing something by the example using such a weak means of
distribution. I can't say that I've _never_ seen a NYT, but I know I
didn't read the copy that appeared in my elementary school in the 80s.
They've had a good 20 years with which to have folded, or to have
dropped down to a "oh, they still publish?" distribution.
I'll try this modern bent to the question:
If I had a sufficiently good passphrase, would Google returning my
secret key as the first hit result for every search for a day still be
secure?
With my understanding, the answer is _still_ yes.
I am under no delusions that my passphrase is that good. Not that I
have the friends or enemies at Google with which to test it.
More information about the Gnupg-users
mailing list