On 18.07.2017 at 15:36, Robert J. Hansen wrote:
>
>> While it would be nice if it were easier to be able to back up easily
>> as you're suggesting, shouldn't the focus of GnuPG be on security?
> This *is* a security issue.
>
> Some versions of GnuPG use a file called "random_seed", for instance.
> This file contains material for seeding a random number generator, and
> for that reason it must not be backed up or shared between computers: if
> the file doesn't exist it'll be recreated, but if it does... then you've
> just reused RNG seeds on two different computers, which has the
> potential to dramatically reduce the cryptographic security of the code.
>
> If you don't make it easy to back up keys, people won't back up their
> keys. Then, any minor disaster has the possibility of irreparably
> wrecking their keys and the Web of Trust connections they've carefully
> created. Disaster recovery is an important part of security, too.

Sorry if I'm asking dumb questions, but given that

a) I am using the same GnuPG version on all machines and
b) I am excluding random_seed,

what would be wrong with sync'ing the whole gnupg directory (or the whole user profile / home directory) with rsync/duplicity/whatever?

Also, can you point me to a more in-depth explanation on the security implications of re-using random_seed? I can imagine what you mean, but I'd like to know more.

Thanks,
Andreas
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
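Added example, not part of the original message or of GnuPG: one way to apply the exclusion discussed in this thread when archiving a GnuPG home directory, plus a check that an existing backup does not contain `random_seed`. The function names, the sample directory and its dummy file contents are constructed for illustration; skipping sockets and symlinks is an assumption of this example.

```python
import os
import tarfile

# File named in the thread as unsafe to copy between machines.
EXCLUDED_NAMES = {"random_seed"}


def backup_gnupg_home(homedir, archive_path):
    """Write a tar.gz of homedir, skipping random_seed and non-regular files.

    Returns the sorted list of relative paths that were skipped.
    archive_path must lie outside homedir.
    """
    skipped = []
    with tarfile.open(archive_path, "w:gz") as tar:
        for root, _dirs, files in os.walk(homedir):
            for name in sorted(files):
                full = os.path.join(root, name)
                rel = os.path.relpath(full, homedir)
                # Assumption: sockets and symlinks are runtime state, not key material.
                regular = os.path.isfile(full) and not os.path.islink(full)
                if name in EXCLUDED_NAMES or not regular:
                    skipped.append(rel)
                    continue
                tar.add(full, arcname=rel)
    return sorted(skipped)


def audit_archive(archive_path):
    """Return members of an existing backup that should not be in it."""
    with tarfile.open(archive_path, "r:*") as tar:
        return sorted(m.name for m in tar.getmembers()
                      if os.path.basename(m.name) in EXCLUDED_NAMES)


def make_sample_home(base):
    """Constructed stand-in for a GnuPG home directory (dummy contents)."""
    home = os.path.join(base, "gnupg")
    os.makedirs(os.path.join(home, "private-keys-v1.d"))
    for rel in ("pubring.kbx", "trustdb.gpg", "random_seed",
                os.path.join("private-keys-v1.d", "EXAMPLE.key")):
        with open(os.path.join(home, rel), "wb") as fh:
            fh.write(b"constructed sample data")
    return home
```

Running `audit_archive` over backups made earlier with a plain directory copy shows whether `random_seed` was already captured in them.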