<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Interesting points... I'm not sure I have all those files such as
the TOFU (have to actually read more about it). I think if all
the important files are stored in an encrypted container, they
should be pretty secure. <br>
</p>
<div class="moz-cite-prefix">On 5/24/2020 9:16 AM, Peter Lebbing
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:d3404915-7412-41f3-c75e-d93ccedc2014@digitalbrains.com">
<pre class="moz-quote-pre" wrap="">Hi,
On 24/05/2020 16:05, Felix Finch wrote:
</pre>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">Out of curiosity ... how safe are these files as is, assuming the
private key file has a good strong passphrase?
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">
The safety of the private key purely depends on the strength of the
passphrase. Note that backups will have the passphrase that was set when
the backup was _made_. Changing the passphrase on your computer will not
change the passphrase in any older backups.
But there is more data in your GnuPG homedir that is not encrypted but
is privacy-sensitive. If you ever assign someone ownertrust, that will
be reflected there. It indicates how much you trust people to correctly
verify other people's identities and how well you trust them to keep
their private key private. Your brother-in-law might be offended by you
assigning him "NEVER TRUST", and your partner might not appreciate you
apparently having somewhat recently assigned positive trust to that ex
you swore you never saw anymore.
And then there is the history data for TOFU, which exposes some data
about when you verified signatures by other people or when you encrypted
something to someone. This data is there to help you analyse
trustworthiness about the third party in question when so prompted, but
it is also communication metadata about you.
These pieces of data might not exist for your particular configuration,
but they can exist.
</pre>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">How hard is it to crack a good passphrase?
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">
I think the definition of a good passphrase is that it is infeasible to
crack it. That makes it circular reasoning.
A well-executed "Correct Horse Battery Staple" passphrase or a long
enough diceware passphrase cannot be cracked. The problem is determining
whether you did it right or are misunderstanding some vital detail of
creating a good passphrase.
For instance, actually choosing "Correct Horse Battery Staple" is about
the worst thing you can do... :-)
HTH,
Peter.
</pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Gnupg-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Gnupg-users@gnupg.org">Gnupg-users@gnupg.org</a>
<a class="moz-txt-link-freetext" href="http://lists.gnupg.org/mailman/listinfo/gnupg-users">http://lists.gnupg.org/mailman/listinfo/gnupg-users</a></pre>
</blockquote>
</body>
</html>