On 3/29/15 2:32 AM, Samir Nassar wrote:
> On Sunday, March 29, 2015 10:26:53 AM Anne Wilson wrote:
>> Personally I prefer my
>> password to be a reference to a book - and you haven't a snowball in
>> hell's chance of knowing which book or what reference to it :-)  I
>> doubt if even my closest family would guess the book.
>
> You might be wrong, you might be right, at most you are right for the
> situation you live in.
>
> Part of the discussion happening here is about general principles that cover
> cases where the risk is assessed to be adversaries who are making a trillion
> guesses per second.

Um, no, it really isn't. :) The two components of your sentence "general principles," and "adversaries ..." don't go together, at all.

Yes, there are some people who use PGP for serious, even potentially life-threatening purposes. Those people need really strong pass phrases, and perhaps even ones that are so long that they cannot be remembered, or typed easily.

But the vast majority of PGP users are doing it because it's fun, and have no need for that kind of drama. Is it nice to encourage good operational practices for pass phrases for the "general" type of user? Of course it is, and we should do that. But pretending that super-long, untypable pass phrases apply to anyone except an extreme few is just silliness.

But worse than it being ridiculous on its face, by pretending that these kinds of practices are, or should be, commonplace, it makes it harder for people who would like to learn about encryption to do so.


I am conducting an experiment in the efficacy of PGP/MIME signatures. This message should be signed. If it is not, or the signature does not validate, please let me know how you received this message (direct, or to a list) and the mail software you use. Thanks!
