Storing secrets on other people's computers
Robert J. Hansen
rjh at sixdemonbag.org
Fri May 6 00:43:47 CEST 2011
> So, put out a bounty.
You're the one who's talking about basic economics, so let's apply some:
You want me to put my own money at risk (an incredibly small risk, yes, pretty close to epsilon: but not a zero risk) in order so other people can feel better about their GnuPG installations -- but not *you*, since you're apparently already convinced.
Makes perfect sense, economically speaking. You don't bear the risk, so you have no incentives to consider -- much less accept the existence of! -- the downsides. From my perspective, I have incentives to think about the downsides (including the drama downside: see below), and I think you're crazy.
> Posting the key here is free, you say. So, there is no contra. Just go post it. Basic economics...
First, I didn't say it. Daniel said it.
Second, there is a contra: a good number of people will accuse me of pulling a stunt that really proves nothing, that a 64-character random hexstring password is orders of magnitude better than what people use in the real world, that it's a completely unrealistic test, etc. And then, of course, there will be the people who will tell these people, "but that's not what he was claiming, he was only claiming that *with a good passphrase* it's safe." And then there will be the people who are keeping quiet, rolling their eyes, and wondering why, why, why, I felt the need to open such a can of dramaworms.
In fact, I suspect there are already people *right now* who are rolling their eyes and wondering why I opened such a can of dramaworms. In deference to them, I'm going to say nothing further about it.