new helper program for configuration import / export
Hauke Laging
mailinglisten at hauke-laging.de
Sun Oct 19 22:08:01 CEST 2014
Am So 19.10.2014, 21:10:20 schrieb Peter Lebbing:
> It is clear you are not working on the same assumption as I did: that
> there were already good passphrases on the keys, because this is
> simply good practice
A good passphrase doesn't help against online attacks. The usual
protection against offline attacks is volume encryption. Thus a strong
passphrase (and who wants to enter that often?) is useful for those
people without volume encryption only. But my experience is that many
people do not use a good passphrase even without volume encryption. We
have to accept that. But it seems to me to make sense to suggest a
better passphrase at least for key files which are send via email or
stored on USB sticks.
> Have you thought of a way to only have to enter a password once and
> use that for each (sub)key you wish to change, without keeping it in
> swap-eligible memory?
No. Why should that be better / easier than encrypting the whole
archive? Especially as there may be other information in ~/.gnupg which
you don't want to become public.
> Perhaps you could elaborate on the procedure you have in mind.
1) Select the files.
2) Create the archive.
3) Encrypt the archive. (I just realize that gpg-zip does not encrypt
the whole archive)
Hauke
--
Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20141019/2c083e38/attachment.sig>
More information about the Gnupg-users
mailing list