Backup of private key

Matt yaverot at nerdshack.com
Sat Nov 28 05:59:36 CET 2009


Robert J. Hansen wrote:
> If you are sure that no one will ever guess your passphrase, then you
> could safely publish your private key in the _New York Times_.  That
> would be a really extreme case, but you could do it.

But what if you publish it in a paper people actually _read_? :)

While I understand the intent of the statement, and have been wanting to
question it for some time (about 3 months), I do believe it to the
limits of my understanding of modern cryptography.  But I want to make
sure I'm not missing something by the example using such a weak means of
distribution.  I can't say that I've _never_ seen a NYT, but I know I
didn't read the copy that appeared in my elementary school in the 80s.
They've had a good 20 years with which to have folded, or to have
dropped down to an "oh, they still publish?" distribution.

I'll try this modern bent to the question:

If I had a sufficiently good passphrase, would Google returning my
secret key as the first hit result for every search for a day still be
secure?

With my understanding, the answer is _still_ yes.

I am under no delusions that my passphrase is that good.  Not that I
have the friends or enemies at Google with which to test it.



