private key protection

Jerome Baum jerome at
Tue Oct 18 16:23:42 CEST 2011

> Well, not quite.  Eventually you would get it.  The task of security
> systems is to make "eventually" be longer than:
> o  the payoff is worth; or
> o  the time it takes to be discovered; or
> o  the time it takes for the secured object to lose its value.
> Statistically, that is.  You could get it right on the first try, but
> you very probably won't.  You are guaranteed to get it right if you
> try every possible value.

Right, that's a good point I think we all considered "trivial" when
maybe we shouldn't have. In your threat model you should determine for
how long your data should be safe (per attacker type) before you go
ahead and make decisions about key protection.

While we're discussing the STEED proposal in the other thread, do you
think it's better to educate your users and risk loosing them or do you
think it's better to provide "sensible" defaults for the "average"
threat model and assume they'll learn everything else over time and
start tweaking?

I suppose the latter model fits the "power user" case well, where they
start using the tool and eventually learn about other features and start

PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA

More information about the Gnupg-users mailing list