Backup of encrypted private key on uncontrolled disks
Jeremy Reeve
jeremy.reeve81 at gmail.com
Thu Nov 20 19:01:02 CET 2014
A keystroke logger?
Jeremy
On 20 November 2014 16:54, Shea Levy <shea at shealevy.com> wrote:
> Hmm, I’m having a hard time imagining how someone could get me to divulge
> the passphrase if they couldn’t also get me to hand over the key backups I
> own. Of course, my imagination is not the limit here, so is there something
> I’m missing?
>
> Thanks,
> Shea
>
> > On Nov 20, 2014, at 11:27 AM, Robert J. Hansen <rjh at sixdemonbag.org>
> wrote:
> >
> >> My private key is encrypted with a very strong passphrase (10 word
> >> diceware [1], not written down, 129 bits of entropy). Given that, is it
> >> safe to back it up on disks I don't control, such as a private S3 bucket
> >> or a VPS? My intuition says yes, but I've learned to never trust my
> >> intuition when it comes to security.
> >
> > If you are completely confident that no one will ever get your
> passphrase from you, this is safe. Otherwise, it's not.
> >
> > It may be appropriate to have a little caution with respect to whether
> you believe anyone will ever get your passphrase from you.
> >
> > _______________________________________________
> > Gnupg-users mailing list
> > Gnupg-users at gnupg.org
> > http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20141120/57c59b71/attachment.html>
More information about the Gnupg-users
mailing list