On 2011-07-19 6:18 PM, Kara wrote:
> ====
>
> Reference Robert J. Hansen's 19 Jul 2011, 1504 (-0700), "Re: secring
> and dropbox":
>
>>> Is it a bad idea to place your secring in dropbox?
>> Depends entirely on the strength of your passphrase. With a strong
>> enough passphrase you could publish your secret certificates in the
>> newspaper of your choice and still be confident of their safety.
> Using a decent password generator and specifying a mix of upper and
> lower case letters, digits, and special characters, how many total
> characters -- as a minimum -- would you recommend such a password be?
>
> Any particular password generator program you would recommend?
>
Your brain. You have to remember it, so you are better off constructing it in the first place. Remember that you will have no automated retrieval process, where a friendly program reminds you of your passphrase.

It is almost a shame that the most retrievable things are sentences with nonsensical images in them, like Harry Lorayne's pimple-moose for pamplemousse, the French word for grapefruit: he would have you imagine a moose with giant grapefruit pimples to remember that French word. You can then insert punctuation and numbers that don't go on Facebook, anywhere, cut some of the words down to initials or consonants (or out, if it's long enough). Then, add a pattern in your casing. There could be a program like "crack" applied to input passwords, measuring strength.

Of course, if you are confident that your private key ring will never go anywhere, and that you can revoke it if it does (GENERATE A REVOCATION CERTIFICATE. Store it on that USB key that is chained into your coat.) It would of course be a nuisance to have someone publish your revocation certificate, and nothing like losing money at Mark Twain Bank. If your friends are good enough, then you can leave a revocation certificate with them.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users