-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 05/24/07 02:50, Dan H wrote: [snip] > > One more problem I would have had is that I might have forgotten my old > passphrase. Fortunately I've been using one and the same passphrase for > over 10 years now, which in itself isn't so good, so I could > finally decrypt all my data, re-encrypt it with GPG and commit it to my > current backup scheme (7).
That's the REALLY big issue, especially for organizations. There needs to be a key escrow process so that 8 years later when the person who did the encrypting is long gone, the data can still be retrieved. My idea is to: 1. print the passphrase plus relevant info, 2. put it in an envelope well-marked with such vitals as key bit length and cypher used) and seal it, 3. sign your name and timestamp across the edge of the seal, so that it will be obvious if someone opens it and reseals it, 4. put packing tape all around it, 5. send it to Iron Mountain or a bank deposit box. Then impress upon Important People that this is Important Stuff that needs fiduciary care. - -- Ron Johnson, Jr. Jefferson LA USA Give a man a fish, and he eats for a day. Hit him with a fish, and he goes away for good! -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFGVUivS9HxQb37XmcRAtZ7AJ99+l5tUED5zvD1ftzHrFOzP6JojgCeJGpb yF1Jg5ipZRGp4T+UAmjuaME= =7aSq -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
