Storing secrets on other people's computers

Robert J. Hansen rjh at sixdemonbag.org
Fri May 6 00:43:47 CEST 2011


> So, put out a bounty.

You're the one who's talking about basic economics, so let's apply some:

You want me to put my own money at risk (an incredibly small risk, yes, pretty close to epsilon: but not a zero risk) so that other people can feel better about their GnuPG installations -- but not *you*, since you're apparently already convinced.

Makes perfect sense, economically speaking.  You don't bear the risk, so you have no incentives to consider -- much less accept the existence of! -- the downsides.  From my perspective, I have incentives to think about the downsides (including the drama downside: see below), and I think you're crazy.

> Posting the key here is free, you say. So, there is no contra. Just go post it. Basic economics...

First, I didn't say it.  Daniel said it.

Second, there is a contra: a good number of people will accuse me of pulling a stunt that really proves nothing, that a 64-character random hexstring password is orders of magnitude better than what people use in the real world, that it's a completely unrealistic test, etc.  And then, of course, there will be the people who will tell these people, "but that's not what he was claiming, he was only claiming that *with a good passphrase* it's safe."  And then there will be the people who are keeping quiet, rolling their eyes, and wondering why, why, why, I felt the need to open such a can of dramaworms.

In fact, I suspect there are already people *right now* who are rolling their eyes and wondering why I opened such a can of dramaworms.  In deference to them, I'm going to say nothing further about it.



