Storing secrets on other people's computers

Jerome Baum jerome at jeromebaum.com
Fri May 6 01:08:46 CEST 2011


On Fri, May 6, 2011 at 00:45, Anthony Papillion <papillion at gmail.com> wrote:

> Does having possession of your secret key really make you less secure?
>

Yes.


> I mean the whole purpose of a passphrase is because you assume your
> secret key is *not* safe simply being unprotected in your possession.
> Law enforcement, hackers, even friends could *easily* get physical
> access to your key so it's the passphrase that's of value.
>

You get practical security by adding more and more hurdles to get to your
data. Your password is -- hopefully -- a kind of "wall" they have to break
through. As is gaining access to your key.

A: They need your password to get at the data. Now your data is exactly as
secure as your password.

B: They need your password *and your keyfile* to get at the data. Now your
data is as secure as your password, and even further.

Of course, if there is a cost involved with keeping your keyfile secret --
and there is always *some* cost involved with everything -- then it becomes
a trade-off. See the email I'm about to post.

-- 
Jerome Baum

tel +49-1578-8434336
email jerome at jeromebaum.com
-- 
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA