Hi,

On 24/05/2020 16:05, Felix Finch wrote:
> Out of curiosity ... how safe are these files as is, assuming the
> private key file has a good strong passphrase?

The safety of the private key purely depends on the strength of the passphrase. Note that backups will have the passphrase that was set when the backup was _made_. Changing the passphrase on your computer will not change the passphrase in any older backups.

But there is more data in your GnuPG homedir that is not encrypted but is privacy-sensitive.

If you ever assign someone ownertrust, that will be reflected there. It indicates how much you trust people to correctly verify other people's identities and how well you trust them to keep their private key private. Your brother-in-law might be offended by you assigning him "NEVER TRUST", and your partner might not appreciate you apparently having somewhat recently assigned positive trust to that ex you swore you never saw anymore.

And then there is the history data for TOFU, which exposes some data about when you verified signatures by other people or when you encrypted something to someone. This data is there to help you analyse trustworthiness about the third party in question when so prompted, but it is also communication metadata about you.

These pieces of data might not exist for your particular configuration, but they can exist.

> How hard is it to crack a good passphrase?

I think the definition of a good passphrase is that it is infeasible to crack it. That makes it circular reasoning. A well-executed "Correct Horse Battery Staple" passphrase or a long enough diceware passphrase cannot be cracked. The problem is determining whether you did it right or are misunderstanding some vital detail of creating a good passphrase.

For instance, actually choosing "Correct Horse Battery Staple" is about the worst thing you can do... :-)

HTH,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users