Interesting points... I'm not sure I have all those files such as the TOFU (have to actually read more about it). I think if all the important files are stored in an encrypted container, they should be pretty secure.
On 5/24/2020 9:16 AM, Peter Lebbing wrote:
> Hi,
>
> On 24/05/2020 16:05, Felix Finch wrote:
>> Out of curiosity ... how safe are these files as is, assuming the
>> private key file has a good strong passphrase?
> The safety of the private key purely depends on the strength of the
> passphrase. Note that backups will have the passphrase that was set when
> the backup was _made_. Changing the passphrase on your computer will not
> change the passphrase in any older backups.
>
> But there is more data in your GnuPG homedir that is not encrypted but
> is privacy-sensitive. If you ever assign someone ownertrust, that will
> be reflected there. It indicates how much you trust people to correctly
> verify other people's identities and how well you trust them to keep
> their private key private. Your brother-in-law might be offended by you
> assigning him "NEVER TRUST", and your partner might not appreciate you
> apparently having somewhat recently assigned positive trust to that ex
> you swore you never saw anymore.
>
> And then there is the history data for TOFU, which exposes some data
> about when you verified signatures by other people or when you encrypted
> something to someone. This data is there to help you analyse
> trustworthiness about the third party in question when so prompted, but
> it is also communication metadata about you.
>
> These pieces of data might not exist for your particular configuration,
> but they can exist.
>
>> How hard is it to crack a good passphrase?
> I think the definition of a good passphrase is that it is infeasible to
> crack it. That makes it circular reasoning.
>
> A well-executed "Correct Horse Battery Staple" passphrase or a long
> enough diceware passphrase cannot be cracked. The problem is determining
> whether you did it right or are misunderstanding some vital detail of
> creating a good passphrase.
>
> For instance, actually choosing "Correct Horse Battery Staple" is about
> the worst thing you can do... :-)
>
> HTH,
>
> Peter.
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
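An added example, not part of the thread and not GnuPG's own code: a small audit that walks a GnuPG homedir (or a backup copy of one) and reports the files discussed above, namely the passphrase-protected private keys, the unencrypted ownertrust data and the unencrypted TOFU history, along with whether each is readable by group or other. It assumes the stock GnuPG 2.1+ file names (`private-keys-v1.d/*.key`, `trustdb.gpg`, `tofu.db`, plus legacy `secring.gpg`); `audit_homedir` and `demo` are hypothetical names, and the demo directory is constructed with empty placeholder files.

```python
import os
import stat
import tempfile

# Default GnuPG 2.1+ homedir names (assumption: stock layout, no custom paths).
CLASSES = {
    "trustdb.gpg": "ownertrust assignments, stored unencrypted",
    "tofu.db": "TOFU history (communication metadata), stored unencrypted",
    "secring.gpg": "legacy private keys, protected only by their passphrase",
}
PRIVATE_DIR = "private-keys-v1.d"


def audit_homedir(homedir):
    """Return sorted [(relative_path, note, group_or_other_readable)]."""
    findings = []
    for root, _dirs, files in os.walk(homedir):
        for name in files:
            full = os.path.join(root, name)
            if os.path.basename(root) == PRIVATE_DIR and name.endswith(".key"):
                note = "private key, protected only by its passphrase"
            elif root == homedir and name in CLASSES:
                note = CLASSES[name]
            else:
                continue  # config files etc. are not classified here
            mode = os.stat(full).st_mode
            exposed = bool(mode & (stat.S_IRGRP | stat.S_IROTH))
            findings.append((os.path.relpath(full, homedir), note, exposed))
    return sorted(findings)


def demo():
    # Constructed homedir with empty placeholder files; no real key material.
    with tempfile.TemporaryDirectory() as home:
        os.mkdir(os.path.join(home, PRIVATE_DIR))
        for rel, mode in [("trustdb.gpg", 0o600), ("tofu.db", 0o644),
                          (os.path.join(PRIVATE_DIR, "EXAMPLE.key"), 0o600),
                          ("gpg.conf", 0o600)]:
            path = os.path.join(home, rel)
            open(path, "w").close()
            os.chmod(path, mode)
        return audit_homedir(home)


if __name__ == "__main__":
    for rel, note, exposed in demo():
        flag = " [readable by group/other]" if exposed else ""
        print(f"{rel}: {note}{flag}")
```

Running it against an old backup shows which unencrypted metadata files that backup carries in addition to the key files, whose passphrase is the one set when the backup was made.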