On 10/18/2011 8:10 AM, Jerome Baum wrote: > If I manage to steal your private keyring, then yes the very strong > passphrase should grind my attempts to steal your key to a halt. If I > manage to steal your private _key_ OTOH, I don't need to get past your > passphrase as that doesn't come into play.
Nonsense. Have you looked at how GnuPG stores a keyring? It's a sequential series of individual keys, one octet after another. There is no difference between an individual private key and a keyring containing one entry. (Note: this was true as of early in the GnuPG 1.4 days, which was the last time I seriously looked at the code. I'm going from a memory a few years old here.) What you seem to be saying is "if I steal your decrypted key, which is to say the raw key material...". Well, okay: but we already know that's a game-over state, which makes your statement trivial. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
