Storing secrets on other people's computers

Jerome Baum jerome at
Fri May 6 01:08:46 CEST 2011

On Fri, May 6, 2011 at 00:45, Anthony Papillion <papillion at> wrote:

> Does having possession of your secret key really make you less secure?


> I mean the whole purpose of a passphrase is because you assume your
> secret key is *not* safe simply being unprotected in your possession.

Law enforcement, hackers, even friends could *easily* get physical
> access to your key so it's the passphrase that's of value.

You get practical security by adding more and more hurdles to get to your
data. Your password is -- hopefully -- a kind of "wall" they have to break
through. As is gaining access to your key.

A: They need your password to get at the data. Now your data is exactly as
secure as your password.

B: They need your password *and your keyfile* to get at the data. Now your
data is as secure as your password, and even further.

Of course, if there is a cost involved with keeping your keyfile secret --
and there is always *some* cost involved with everything -- then it becomes
a trade-off. See the email I'm about to post.

Jerome Baum

tel +49-1578-8434336
email jerome at
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20110506/14c95583/attachment-0001.htm>

More information about the Gnupg-users mailing list