KeePass or any other password wallet to store and transport keys
Faramir
faramir.cl at gmail.com
Sat Jul 28 04:17:02 CEST 2012
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
El 26-07-2012 8:43, Heinz Diehl escribió:
> On 26.07.2012, Faramir wrote:
>
>>> That's security through obscurity assuming the other one won't
>>> know where to search for the key, which is not stored with
...
>> Not right, if your secret key is protected by a passphrase (or
>> strong password), it doesn't matter if the attacker know where to
>> find it.
>
> It does matter. Because the software which has generated the key
> can be flawed, and thus can have generated a flawed key. Nobody has
> to know about such flaws, it's quite likely that an attacker
> chooses not to publicate information about that, with the effect
> that he/she can use the security hole longer (maybe forever). If
> it's reported, it will be fixed immediately.
Wait, now I'm lost here... we were talking about how to prevent an
attacker from getting an usable private key, so I don't see how the
quality of the key has anything to do with it.
>> Actually, the attacked is very likely to know where it is, since
>> probably it will be at the default folder.
>
> This is why smartcards exist.
Well, yes, but we were talking about keys not stored on smartcards,
but on normal storage devices (like hdd or USB flash memory).
Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBCAAGBQJQE0ueAAoJEMV4f6PvczxAJVQH/3cz7MZ3rIdQVDzCxhhWxfv4
e+9kSuiB465UqeI/aFb7weEDVTs5dVYzhHsZ7VU6dx4LE4KI2m2M/vkscqpRWZMj
Srs+PpP8yBbO/f6ibBqYfNaZX53gtMYJtdIRHP3bQUvCj3CV9FLYG8PDHBLosY2F
0rtuoS6sOitUcDZGl6EXCHk9gXxXLRzH7IWYoE1PSIKvm+ZQQ99RyE2NBwDPb41a
RsK/xD8S8ZYX692Dfi9TZnlUoe0XnGsu6yiWaQAqlY3APPckVU84Uh2VhJRHu7Rk
MJmYbMUt2gWKVXkiNrYtuOV2v3dRBDSYRCohCNSe82Acq8zNa8YiiZstcCpAUWE=
=fHSd
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list