any way to use gpg(openpgp) with Argon2

Werner Koch wk at gnupg.org
Thu Jun 21 09:52:50 CEST 2018


On Wed, 20 Jun 2018 23:39, muelli at cryptobitch.de said:

> You might still get some value out of your passphrase (and the way it's
> been mangled) against an attacker that is capable of getting hold of

Assuming no sane person stores private keys on other people's machines,
getting hold of the data means in most cases that a laptop was stolen or
a disk was dumped without first destroying it.

For a laptop security aware people use disk encryption which also
protects the private key against the above cases.

The majority of comprises are due to remote automated attacks and these
are all involve the installation of malware.  No passphrase for an
on-disk key protects against this threat.

> your data (and perform offline attacks) but not fully compromising your

Ever played pinball?  I never heard about a half-tilt; it is tilt and
only tilt and you lost your ball or the game.  Same thing for computers.


Salam-Shalom,

   Werner

-- 
#  Please read:  Daniel Ellsberg - The Doomsday Machine  #
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20180621/f95443a8/attachment.sig>


More information about the Gnupg-devel mailing list