Where to save passphrases?

Mathias Bauer mbauer at mailbox.org
Sat Jul 26 01:43:26 CEST 2014


* Schlacta, Christ wrote on Fri, 25 Jul 2014, at 15:25 (-0700):

> I might suggest using the same passphrase...

I don't want to sound harsh, but at this point you should hold on
reading.  "Using the same passphrase" should nowadays lead to big
red STOP signs flashing up.

> ...you use for your password manager for GPG.  So long as you
> use a strong passphrase and practice good password practices on
> this password, it should remain uncompromised.

Solving the problem of memorizing/storing the GnuPG passphrase by
using another layer of software means adding further complexity.
Although this possibly may not tear down security completely, the
general level of security is not improved.  Most likely it will
decrease.  Whether this is acceptable depends on your scenarios,
the known present ones and the possible future ones.

Being more aware of the consequences of these small actions like
"using the same password" surely belongs to the lessons learned
at least in the past year.  And, of course, how to prioritize
security in contrast to, e.g., usability.

Regards,
Mathias

-- 
CAcert Assurer

Do you want to encrypt your mail?  Then join CAcert and get your SSL
certificate from https://www.CAcert.org.  If you have any questions,
don't hesitate to ask.

OpenPGP:  ID 0x44C3983FA7629DE8 - http://www.sks-keyservers.net
Fingerprint: B100 5DC4 9686 BE64 87E9  0E22 44C3 983F A762 9DE8