On Tue, Oct 18, 2011 at 02:10:07PM +0200, Jerome Baum wrote: > >> I'm going to lean very far out the window and assume he meant the actual > >> private key, not the private key-ring/-file/... > > > > I'm not sure I understand the distinction you're making there. > > One is protected with a passphrase (i.e. it's encrypted), the other is > in the clear. > > If I manage to steal your private keyring, then yes the very strong > passphrase should grind my attempts to steal your key to a halt.
Well, not quite. Eventually you would get it. The task of security systems is to make "eventually" be longer than: o the payoff is worth; or o the time it takes to be discovered; or o the time it takes for the secured object to lose its value. Statistically, that is. You could get it right on the first try, but you very probably won't. You are guaranteed to get it right if you try every possible value. -- Mark H. Wood, Lead System Programmer mw...@iupui.edu Asking whether markets are efficient is like asking whether people are smart.
pgpEM0NhDGA98.pgp
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users