I think maybe I didn't make the bit about private keys very clear: we're talking about proper randomly-generated private keys, just in PGP. I was just suggesting that since you have to walk around with a private key file, at least it gives you an excuse to get rid of passwords, and just authenticate with the server using the private key.
On 17/09/2014, Ryan Carboni <rya...@gmail.com> wrote:
> The majority of people are no more capable of GnuPG than understanding why
> RAM can't be solely used on a computer.
>
> GnuPG has some weird defaults that are difficult to change as well without
> some command line commands.
>
> Ultimately your system will have a major flaw: passwords typically have
> low entropy, and anyone with the same password will read the same mail
> unless you concatenate a salt the user has to remember.
>
>
> The ideal system would be to use Tor in conjunction with guerrillamail. Or
> to use a preshared key with a block cipher, and hide the encryption (since
> evidently you want to avert the attention of the NSA to be encrypting in
> the first place) using steganography.
>
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography