Atom Smasher wrote:
> in theory, if you're *really* using a strong pass-phrase, you can
> publish your private key in a public place and rest secure in the
> knowledge that no known technology can break your 100+ character
> pass-phrase... and if a hard drive or several go up in smoke you can
> recover a copy from google's cache ;)

This is true in practice, too, as long as some caveats are met.

> one thing i've thought about is using a one-time-pad to break a
> private key into 2 (or more) shares. then send (using secure
> channels) each share to one or more trusted persons who don't know
> each other. maybe put one of the shares in a bank safe. if all of
> your hard drives explode on the same day you can collect the shares
> and reconstruct your key.

Ack! Ack! One time pads! Ack!

I really, really wish the Vernam cipher was either lesser known or better known. If it was lesser known, fewer people would advise ever using it. If it was better known, more people would understand its phenomenal shortcomings.

Point blank: unless you can spend a lot of money on training and infrastructure, you are almost always better off using conventional crypto. The Vernam cipher is /expensive/ to use properly, precisely because it is so unforgiving of any kind of failing.

The secret sharing idea isn't a bad one, but using the Vernam cipher to do it is a very bad idea. The Shamir Secret-Sharing Protocol works much, much better for this purpose.