Backup of Keys

Peter Lebbing peter at digitalbrains.com
Mon May 25 09:36:17 CEST 2020


On 24/05/2020 21:39, Mark wrote:
> I know there are other options maybe even some that use
> biometrics to decrypt the database.

I am very wary of biometrics for authentication purposes. There are so
many examples where the vendor assured us it was working really well,
and researchers easily cracked the system by using a photo, or
photocopied fingerprints they lifted off a glass or even more funny from
the fingerprint reader itself.

That's for authentication, where only non-reproducability is vital. For
encryption, it's much worse, because you need a lot of entropy for that
to ward off offline attacks. And biometrics just doesn't have that much
entropy.

And both share that there is no recovery from compromise. If somebody
learns your passphrase, you change it, tracking down all backups and
changing them as well. That might be a little painful.

If somebody manages to copy your biometrics, you can't change them. You
could erase your fingerprints by taking a job processing pineapples on a
daily basis. And you could get plastic surgery for your face, but that
really puts the painful in "it's so painful to change your passphrase
everywhere"...

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20200525/aeb61cc7/attachment.sig>


More information about the Gnupg-users mailing list