Theoretical and maybe stupid questions about security
Robert J. Hansen
rjh at sixdemonbag.org
Wed Nov 20 22:55:18 CET 2013
> I wonder how easily my private key(s) ('secgring.gpg') can be cracked
> once somebody get access to it.
No one with two brain cells to rub together will try brute-forcing a
strong passphrase. No one. Assuming your passphrase is strong you
could publish your secret key in the _New York Times_ and still be
completely confident in the security of your communications.
> Q: Is the password stored as an hash and can it be cracked using Rainbow
> Tables? Is it maybe salted?
The passphrase isn't stored as a hash, so much as the passphrase is
hashed (many, many times -- with salt) and the output is used to
attempt to decrypt the secret key. The passphrase is never stored,
though, either in plaintext or in hashed form.
More information about the Gnupg-users