private key protection

michael crane mick.crane at gmail.com
Mon Jun 25 20:37:51 CEST 2012


On Mon, June 25, 2012 5:00 pm, Robert J. Hansen wrote:
> On 06/25/2012 11:44 AM, Werner Koch wrote:
>>> cracking the symmetric encryption used to protect the private key is
>>> comparable to the problem of cracking an encrypted message's session
>>> key.
>>
>> No, it is not.  The entropy in a session key matches the size of the
>> session key.  The key used to protect the private key is commonly much
>> weaker.  A passphrase providing an adequate amount of entropy is not
>> useful because a user won't be able to remember it correctly.
>
> Speaking purely for myself, my passphrase is 16 bytes from /dev/urandom
> dropped into base64.  It took me a weekend to memorize it, but the peace
> of mind has been well worth it.
>
> It is possible, though, that I'm demented.  :)
reading this it occurs to me that keyboards are cheap so it would be
reasonable to swap all the keys about on a keyboard and then use some
easily memorable combination of real words to save on so much memorizing.


mick

-- 
keyID: 0x4BFEBB31




