On 03/28/2014 07:48 AM, Peter Lebbing wrote: > And the hack presented doesn't allow for > the common scenario: a key file *as well as* a password.
sorry, i think my assumption of the common scenario was very different
from yours, or i wouldn't have recommended the conversion i did.
i'd assumed that anyone using a "key file" was using it as the
equivalent of a kerberos keytab -- a shared secret with some other party
that would be closely guarded and kept secret. I sort of took it for
granted that the base64-encoding of, say, /bin/ls on any version of any
well-known operating system is not a secret and would never be used as a
passphrase.
--dkg
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
