On Thu, Jan 05, 2006 at 12:21:00AM -0500, Atom Smasher wrote:
> has anyone given any thought to what would be the difference between 
> carefully and carelessly making hard-copy backups of secret keys?
> 
> i mean, it would be stupid to print a copy of ones secret key (with a weak 
> passphrase) and leave it lying on a table next to a window. OTOH, a 
> printed copy of a secret key (with a strong passphrase) would probably be 
> "secure" in a 10 ton safe.
> 
> so how strong should a passphrase be when printing out a secret key in the 
> first place? what are the pros/cons of hiding versus securing a hard-copy? 
> what other factors should be considered?
> 
> bear in mind, these are philosophical questions with philosophical 
> answers... i'm not looking for absolutes.

from my experience, all keys for long-term, _safe storage_ (and after
revocation) should be kept with no passphases at all

human memory is very volatile and some day you gonna need to decrypt an old
email encrypted with the key you revoked in 1993[1], and there's is no way
you'll remember the old, long time not used, non-trivial passphrase

alex

[1] Thats actual thing that happened to me two weeks ago.
-- 
mors ab alto 
0x46399138

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Reply via email to