Enforcing password complexity for private keys

Karl Auer kauer at biplane.com.au
Tue Apr 30 17:32:37 CEST 2019

On Tue, 2019-04-30 at 18:50 +0530, Cyaniventer wrote:
> On Tue, 30 Apr 2019 06:55:07 -0400
> David Milet <david.milet at gmail.com> wrote:
> > We’re considering rolling out GnuPG at work for developers to sign
> > git commits.
> > [...]
> imo long term solution will be to tell them more about passwords and
> why choosing a good password is important.

Might also be worth asking yourself why you feel you need to sign git
commits. Also, if the people you are asking to sign with a GPG key are
not savvy enough or interested enough to choose good passwords (I
assume you mean good passphrases?) then you might have problems that
GPG won't solve.

Regards, K.

Karl Auer (kauer at biplane.com.au)

GPG fingerprint: 8D08 9CAA 649A AFEF E862 062A 2E97 42D4 A2A0 616D
Old fingerprint: A0CD 28F0 10BE FC21 C57C 67C1 19A6 83A4 9B0B 1D75
