On 15/04/13 07:24, Ashley Holman wrote:
> I also have a followup question. Is it acceptable practice to make a
> paper backup of your private key by exporting it in ascii armored mode
> and printing it onto some paper?

You should take a look at PaperKey[1]. It will produce text with some
redundancy for error checking that is the most concise description of
the secret part of your key. That means it is only the secret part, and
in the case of PaperKey, you /do/ need a separate backup of the public
key to reconstruct your secret key. But public keys are usually kept in
several public places.

> Would it be advisable to encrypt my private key with scrypt or is it
> recommended to stick to PBKDF2?

The usual answer here is: stick to the defaults. They are the defaults
for a reason. Choose a good passphrase, other than that, the system is
secure.

By the way, you say "more vulnerable to a brute-force attack". But a
brute-force attack is usually not associated with vulnerability.
Anything verifiable[2] can be brute-forced. The deciding factors are the
number of possible combinations and the computing power needed to do one
guess. Seeing the number of possible combinations in the crypto
primitives used by the default GnuPG settings, you shouldn't worry about
brute forcing. I'd say it's impossible.

> What are the strongest settings for --s2k-cipher-algo, --s2k-digest-algo,
> and --s2k-count?

There are no strongest settings. Different algorithms have their own
strengths.

> Basically I'm looking to have my private key really protected so that
> even if it fell into the wrong hands it would be downright unfeasible to
> brute force

I think you're confusing the term "brute force" with the term "crack" or
something similar.

--s2k-count is the most deciding in how difficult it is to brute force,
I think. A criticism of SHA-3 is that it can be so quick that this might
be an issue in some settings, but you can't choose SHA-3 as the
s2k-digest-algo anyway ;).

The defaults are fine. You could opt to use 3DES or AES instead of the
default CAST5. But your secret key is already safe with CAST5, so there
really is no need. If it were not safe by a big margin, it wouldn't be
the default.
The authors of GnuPG weren't born yesterday.

If attackers already need all the energy of 5 suns to crack your private
key, it really doesn't matter if they need an additional 5 when you
tweak the settings. Attackers don't usually have 5 suns in their back
pocket. We're talking about completely hypothetical cracks already,
barring any major (and unforeseeable) advances in mathematics.

If you choose to believe me, obviously. I'm not a cryppie, and even
cryppies are only human.

HTH,

Peter.

[1] http://www.jabberwocky.com/software/paperkey/
[2] Complexity class NP. Apart from the one-time pad, I don't think
there is useful crypto outside NP (I wouldn't call OTP very useful
either ;). I'm interested in hearing any arguments why something outside
NP would be useful.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt
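
The two cost factors named in the message above (number of combinations and work per guess), as an added example that is not part of the original message and not GnuPG's code. It follows the iterated and salted S2K of RFC 4880 section 3.7.1.3, the mode whose count `--s2k-count` sets; the function names, the SHA-1 digest with a 16-octet key, and the sample salt are assumptions chosen for illustration.

```python
import hashlib

EXPBIAS = 6  # constant from RFC 4880, section 3.7.1.3


def decode_count(c: int) -> int:
    """Expand the one-octet coded count into the number of octets hashed."""
    return (16 + (c & 15)) << ((c >> 4) + EXPBIAS)


def encode_count(octets: int) -> int:
    """Smallest coded count that hashes at least `octets` octets (caps at 255)."""
    return next((c for c in range(256) if decode_count(c) >= octets), 255)


def s2k_iterated_salted(passphrase: bytes, salt: bytes, c: int,
                        key_len: int = 16, digest: str = "sha1") -> bytes:
    """Derive key_len octets by hashing salt||passphrase repeated to `count` octets."""
    if len(salt) != 8:
        raise ValueError("OpenPGP S2K salt is 8 octets")
    data = salt + passphrase
    count = max(decode_count(c), len(data))  # input is always hashed at least once
    full, rest = divmod(count, len(data))
    key, context = b"", 0
    while len(key) < key_len:
        h = hashlib.new(digest)
        h.update(b"\x00" * context)  # each extra context is preloaded with zeros
        for _ in range(full):
            h.update(data)
        h.update(data[:rest])
        key += h.digest()
        context += 1
    return key[:key_len]


def expected_search_octets(passphrase_bits: int, c: int) -> int:
    """Octets hashed, on average, to find a passphrase of the given entropy."""
    return 2 ** (passphrase_bits - 1) * decode_count(c)


if __name__ == "__main__":
    salt = bytes(range(8))  # constructed sample salt, not from a real key
    for c in (0, 96, 255):
        print(f"coded {c:3d} -> {decode_count(c):>9,d} octets per guess")
    print(s2k_iterated_salted(b"correct horse", salt, 96).hex())
    # Weak passphrase at the highest count vs. strong one at the lowest count.
    print(expected_search_octets(40, 255) < expected_search_octets(80, 0))
```

The last line prints `True`: going from the lowest to the highest coded count multiplies the work per guess by about 2^16, while a 40-bit stronger passphrase multiplies the number of guesses by 2^40.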