On Fri, May 6, 2011 at 00:45, Anthony Papillion <papill...@gmail.com> wrote:
> Does having possession of your secret key really make you less secure?

Yes.

> I mean the whole purpose of a passphrase is because you assume your
> secret key is *not* safe simply being unprotected in your possession.
> Law enforcement, hackers, even friends could *easily* get physical
> access to your key so it's the passphrase that's of value.

You get practical security by adding more and more hurdles to get to your data. Your password is -- hopefully -- a kind of "wall" they have to break through. As is gaining access to your key.

A: They need your password to get at the data. Now your data is exactly as secure as your password.

B: They need your password *and your keyfile* to get at the data. Now your data is as secure as your password, and even further.

Of course, if there is a cost involved with keeping your keyfile secret -- and there is always *some* cost involved with everything -- then it becomes a trade-off. See the email I'm about to post.

--
Jerome Baum
tel +49-1578-8434336
email jer...@jeromebaum.com
--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users