private key protection

Mark H. Wood mwood at IUPUI.Edu
Tue Oct 18 15:15:14 CEST 2011


On Tue, Oct 18, 2011 at 02:10:07PM +0200, Jerome Baum wrote:
> >> I'm going to lean very far out the window and assume he meant the actual
> >> private key, not the private key-ring/-file/...
> > 
> > I'm not sure I understand the distinction you're making there.
> 
> One is protected with a passphrase (i.e. it's encrypted), the other is
> in the clear.
> 
> If I manage to steal your private keyring, then yes the very strong
> passphrase should grind my attempts to steal your key to a halt.

Well, not quite.  Eventually you would get it.  The task of security
systems is to make "eventually" be longer than:

o  the payoff is worth; or
o  the time it takes to be discovered; or
o  the time it takes for the secured object to lose its value.

Statistically, that is.  You could get it right on the first try, but
you very probably won't.  You are guaranteed to get it right if you
try every possible value.

-- 
Mark H. Wood, Lead System Programmer   mwood at IUPUI.Edu
Asking whether markets are efficient is like asking whether people are smart.