Enforcing password complexity for private keys

Karl Auer kauer at biplane.com.au
Tue Apr 30 17:32:37 CEST 2019


On Tue, 2019-04-30 at 18:50 +0530, Cyaniventer wrote:
> On Tue, 30 Apr 2019 06:55:07 -0400
> David Milet <david.milet at gmail.com> wrote:
> > We’re considering rolling out GnuPG at work for developers to sign
> > git commits.
> > [...]
> imo long term solution will be to tell them more about passwords and
> why choosing a good password is important.

Might also be worth asking yourself why you feel you need to sign git
commits. Also, if the people you are asking to sign with a GPG key are
not savvy enough or interested enough to choose good passwords (I
assume you mean good passphrases?) then you might have problems that
GPG won't solve.

Regards, K.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)
http://www.biplane.com.au/kauer
http://twitter.com/kauer389

GPG fingerprint: 8D08 9CAA 649A AFEF E862 062A 2E97 42D4 A2A0 616D
Old fingerprint: A0CD 28F0 10BE FC21 C57C 67C1 19A6 83A4 9B0B 1D75

More information about the Gnupg-users mailing list