On Tue, Jan 07, 2020 at 14:09:50 +0100, Wiktor Kwapisiewicz via Gnupg-users wrote: > Additionally smartcards require PINs and lock the card after several > tries. This is not possible with keys on USB drives.
PINs can also be changed confidently. The passphrase of the _copy_ of a key on disk can be changed, but you can't necessarily be confident that it's the only copy. It could have been copied with or without your knowledge, by you or an adversary. If you enter your passphrase somewhere and realize after the fact that someone may have been standing over your shoulder, or there's a security camera in the distance, an audio recording of your keypresses, or _anything_ that reduces the keyspace of your passphrase, then an attacker can brute force the rest offline forever using an old copy of your key, and there's nothing you can do about it. -- Mike Gerwitz Free Software Hacker+Activist | GNU Maintainer & Volunteer GPG: D6E9 B930 028A 6C38 F43B 2388 FEF6 3574 5E6F 6D05 https://mikegerwitz.com
signature.asc
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users