private key protection
mick.crane at gmail.com
Mon Jun 25 20:37:51 CEST 2012
On Mon, June 25, 2012 5:00 pm, Robert J. Hansen wrote:
> On 06/25/2012 11:44 AM, Werner Koch wrote:
>>> cracking the symmetric encryption used to protect the private key is
>>> comparable to the problem of cracking an encrypted message's session
>> No, it is not. The entropy in a session key matches the size of the
>> session key. The key used to protect the private key is commonly much
>> weaker. A passphrase providing an adequate amount of entropy is not
>> useful because a user won't be able to remember it correctly.
> Speaking purely for myself, my passphrase is 16 bytes from /dev/urandom
> dropped into base64. It took me a weekend to memorize it, but the peace
> of mind has been well worth it.
> It is possible, though, that I'm demented. :)
reading this it occurs it me that keyboards are cheap so it would be
reasonable to swap all the keys about on a keyboard and then use some
easily memorably combination of real words to save on so much memorizing.
More information about the Gnupg-users