Hmm, I’m having a hard time imagining how someone could get me to divulge the passphrase if they couldn’t also get me to hand over the key backups I own. Of course, my imagination is not the limit here, so is there something I’m missing?
Thanks, Shea > On Nov 20, 2014, at 11:27 AM, Robert J. Hansen <r...@sixdemonbag.org> wrote: > >> My private key is encrypted with a very strong passphrase (10 word >> diceware [1], not written down, 129 bits of entropy). Given that, is it >> safe to back it up on disks I don't control, such as a private S3 bucket >> or a VPS? My intuition says yes, but I've learned to never trust my >> intuition when it comes to security. > > If you are completely confident that no one will ever get your passphrase > from you, this is safe. Otherwise, it's not. > > It may be appropriate to have a little caution with respect to whether you > believe anyone will ever get your passphrase from you. > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
