KeePass or any other password wallet to store and transport keys

Faramir faramir.cl at gmail.com
Wed Jul 25 03:23:04 CEST 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 22-07-2012 19:39, antispam06 at sent.at wrote:
> On Sun, Jul 22, 2012, at 16:25, Doug Barton wrote:
...
>> Your private key is encrypted, right? Use a strong password for
>> that and you're in fine shape.
> 
> Yes, security through obscurity. A possible attacker won't know for
> sure which key is the useful one without opening the keychain. Or
> can he know?

  I don't know why you say security through obscurity. Private keys
can be stored encrypted, so even if somebody steals them, the thief
can't use them. That is security through encryption.

  A hacker will know what key he needs to open a file, because the
encrypted file says it, unless the sender selects hide recipient's key
or something like that. By default, the file says the ID of the key
required to decrypt it. But that is a different thing, and has nothing
to do with storing the keyring inside a Keepass database.


> While we're at this one: the reason I am using KeePass is because I
> have a hard time remembering one strong password. Having about 50
> of them, a different one for each account, is a true pain. But a
> passphrase is something completely different. It's harder to type.
> It employs far fewer characters. Yet it can be looong. How about
> that? Is that any better? Is 45 ASCII lowercase with an uppercase ASCII
> and a couple of signs better than 16 random alphanumerics and
> signs?

  I bet it is, as long as that 45-character passphrase is not
something that could be found in dictionaries, or by combining dictionary
words. But probably it is overkill. Anyway, Keepass has a built-in
password strength estimator, measured in bits. I don't know what
the criteria are for measuring the strength, but I know it is not only based
on the characters used; it also includes the order used (once I was
testing it, and swapped 2 characters, and the strength increased). If
your password's strength is 128 bits or more, it won't be feasible to
bruteforce it (probably the infeasible level is reached with fewer bits
too, but I don't know where the limit is). Of course, if it is
vulnerable to dictionary attacks, then you are toasted.


  Best Regards

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBCAAGBQJQD0p4AAoJEMV4f6PvczxAKdcIAITDNgsKy+SVzBdouq/RIsb/
VEfFthC7z+kOjTNXVTFNbZfkNsDNAJTwntYggAN8xyH5HaygjFXJBFdBFj4f6E8c
4tjS9yc1Qi1c+xPRPTMowRmLgPp06EZba+im11+APZ/plv5/I+FdyY74XEJojfRg
aQqy0SvsQlmdeoc9MVMW/F/uXxuywVcws4KsytH+AHq4CiL/BmJWj8kS3eX9gu1f
4/SjhbJ2I09tf9rBbm2+vtAuY7kpmcgm2h+Lkhn0I2az0MggBUeZvODkTD7iNOOC
kgAQqCqvJe+mt8qm0VLoyK5hKPcahLElOombJBrmXwXIhfNvDL/6qhsQXpA4geU=
=HlJ9
-----END PGP SIGNATURE-----
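The point above that an encrypted file "says the ID of the key required to decrypt it" can be checked directly: in an OpenPGP message each recipient gets a Public-Key Encrypted Session Key packet (RFC 4880 section 5.1) that carries the 8-byte key ID in clear, and the "hide recipient" behaviour (GnuPG's --hidden-recipient / --throw-keyids) replaces that ID with eight zero bytes. The parser below is an added example written for this thread, not GnuPG's or KeePass's code; the key ID 0123456789ABCDEF, the MPI contents and the trailing data packet are constructed placeholders.

```python
import struct

# OpenPGP (RFC 4880) packet tag for Public-Key Encrypted Session Key; one per recipient
TAG_PKESK = 1
PK_ALGOS = {1: "RSA", 2: "RSA (encrypt-only)", 16: "Elgamal", 18: "ECDH"}
# RFC 4880 5.1: an all-zero key ID means "speculative"/hidden recipient
WILDCARD_KEY_ID = b"\x00" * 8


def _read_header(buf: bytes, pos: int):
    """Parse one packet header at buf[pos]; return (tag, body_start, body_len)."""
    ctb = buf[pos]
    if not ctb & 0x80:
        raise ValueError("not an OpenPGP packet header")
    if ctb & 0x40:  # new-format header (RFC 4880 4.2.2)
        tag = ctb & 0x3F
        first = buf[pos + 1]
        if first < 192:
            return tag, pos + 2, first
        if first < 224:
            return tag, pos + 3, ((first - 192) << 8) + buf[pos + 2] + 192
        if first == 255:
            return tag, pos + 6, struct.unpack(">I", buf[pos + 2:pos + 6])[0]
        raise ValueError("partial body lengths not handled in this example")
    # old-format header (RFC 4880 4.2.1): tag in bits 2-5, length type in bits 0-1
    tag = (ctb >> 2) & 0x0F
    ltype = ctb & 0x03
    if ltype == 0:
        return tag, pos + 2, buf[pos + 1]
    if ltype == 1:
        return tag, pos + 3, struct.unpack(">H", buf[pos + 1:pos + 3])[0]
    if ltype == 2:
        return tag, pos + 5, struct.unpack(">I", buf[pos + 1:pos + 5])[0]
    raise ValueError("indeterminate length not handled in this example")


def list_recipients(msg: bytes):
    """Return one dict per PKESK packet at the front of a binary OpenPGP message.

    Stops at the first packet that is not a PKESK (the encrypted data itself),
    so nothing here needs a private key: the recipient key IDs are plaintext."""
    recipients, pos = [], 0
    while pos < len(msg):
        tag, start, length = _read_header(msg, pos)
        if tag != TAG_PKESK:
            break
        body = msg[start:start + length]
        if body[0] != 3:
            raise ValueError(f"unsupported PKESK version {body[0]}")
        key_id = body[1:9]          # 8-byte key ID, in clear
        algo = body[9]              # public-key algorithm; encrypted MPIs follow
        recipients.append({
            "key_id": key_id.hex().upper(),
            "algo": PK_ALGOS.get(algo, f"unknown({algo})"),
            "hidden": key_id == WILDCARD_KEY_ID,
        })
        pos = start + length
    return recipients


# Constructed sample message (not real ciphertext): two recipients, then a data packet.
# 1) old-format PKESK, RSA, placeholder key ID 0123456789ABCDEF, 16-bit dummy MPI
PKESK_RSA = b"\x84\x0e" + b"\x03" + bytes.fromhex("0123456789ABCDEF") + b"\x01" + b"\x00\x10\xab\xcd"
# 2) new-format PKESK, Elgamal, key ID zeroed as --hidden-recipient would do, two 8-bit dummy MPIs
PKESK_HIDDEN = b"\xc1\x10" + b"\x03" + WILDCARD_KEY_ID + b"\x10" + b"\x00\x08\x7f" + b"\x00\x08\x7f"
# 3) new-format tag 18 (Sym. Encrypted Integrity Protected Data) with a dummy 3-byte body
SEIPD_STUB = b"\xd2\x03\x01\xaa\xbb"
SAMPLE_MESSAGE = PKESK_RSA + PKESK_HIDDEN + SEIPD_STUB

if __name__ == "__main__":
    for r in list_recipients(SAMPLE_MESSAGE):
        who = "hidden recipient" if r["hidden"] else r["key_id"]
        print(f"{who:20} {r['algo']}")
```

Running it prints one line per recipient: the first shows the placeholder key ID, the second shows that a hidden-recipient packet only reveals that some Elgamal key can open it. The same parse works on the output of `gpg --encrypt` (after ASCII-armor is removed), which is what `gpg --list-packets` reports in its "pubkey enc packet" lines.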


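The strength comparison in the reply (16 random characters versus a 45-character passphrase, and the warning that dictionary-built passphrases are weaker than their length suggests) can be made concrete with an entropy estimate under two generation models. This is an added illustration, not KeePass's estimator: the character-class sizes, the 7776-word list size (the usual diceware size) and the guess rate of 10^12 per second are assumptions stated in the code, and like any such model it ignores the ordering and pattern checks that KeePass's estimator is said to apply.

```python
import math
import re

# Assumed sizes of the printable-ASCII character classes
LOWER, UPPER, DIGITS, SYMBOLS = 26, 26, 10, 32
WORDLIST_SIZE = 7776            # assumed: size of a diceware-style word list
GUESSES_PER_SECOND = 1e12       # assumed attacker rate, for illustration only
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def charset_size(password: str) -> int:
    """Size of the smallest ASCII class union that contains every character."""
    size = 0
    if re.search(r"[a-z]", password):
        size += LOWER
    if re.search(r"[A-Z]", password):
        size += UPPER
    if re.search(r"[0-9]", password):
        size += DIGITS
    if re.search(r"[^A-Za-z0-9]", password):
        size += SYMBOLS
    return size


def bits_if_random_chars(password: str) -> float:
    """Entropy if every character was drawn uniformly from charset_size()."""
    return len(password) * math.log2(charset_size(password))


def bits_if_random_words(n_words: int, wordlist_size: int = WORDLIST_SIZE) -> float:
    """Entropy if the passphrase is n_words drawn uniformly from a word list.
    This is the honest bound for a dictionary-built passphrase, regardless of
    how many characters the words happen to contain."""
    return n_words * math.log2(wordlist_size)


def bruteforce_years(bits: float, rate: float = GUESSES_PER_SECOND) -> float:
    """Worst-case years to enumerate the whole keyspace at the assumed rate."""
    return 2 ** bits / rate / SECONDS_PER_YEAR


def compare(random_password: str, passphrase: str, passphrase_words: int) -> dict:
    """Both strings scored as random characters; the passphrase also scored as
    random words, which is what applies if it was built from a dictionary."""
    return {
        "random_chars_bits": bits_if_random_chars(random_password),
        "passphrase_as_chars_bits": bits_if_random_chars(passphrase),
        "passphrase_as_words_bits": bits_if_random_words(passphrase_words),
    }


# Constructed inputs matching the thread: 16 random alphanumerics+signs, and a
# 45-character lowercase passphrase with one uppercase letter and two signs.
RANDOM_16 = "q7#Lm2p!Xc9vB4$z"
PASSPHRASE_45 = "correct horse battery staple Tropical island!"
PASSPHRASE_WORDS = 6   # number of dictionary words in PASSPHRASE_45 (spaces excluded from the count)

if __name__ == "__main__":
    for name, bits in compare(RANDOM_16, PASSPHRASE_45, PASSPHRASE_WORDS).items():
        print(f"{name:28} {bits:6.1f} bits  ~{bruteforce_years(bits):.2e} years")
```

Scored as random characters the 45-character string looks far stronger than the 16-character one, but scored as six dictionary words it drops to roughly 78 bits, below the 16 random characters (about 105 bits). That gap is the "vulnerable to dictionary attacks" caveat in numbers: a passphrase assembled from dictionary words has to be judged by the word model, and the estimator's character-based figure is only an upper bound.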
