Philihp Busby wrote:
 
> Regenerating your secret key like this is perhaps dangerous and easy to do
> wrong; for example, you will probably leak it in your shell's history. If an
> attacker finds out this is your scheme, they can then start to brute force
> your secret key without needing any access to your data, which happened with
> Brainflayer[1].
> 
> Since your secret key is stored symmetrically-encrypted with a passphrase,
> it's not game over if it gets leaked (e.g. border control). It is a concern
> that you could have leaked it without knowing, and your passphrase could
> _eventually_ be cracked; better would be to put it on a smart-card like a
> Yubikey, which will only give Mallory a couple of chances to guess before the
> tape self-destructs.
> 
> [1] https://www.wired.com/2015/07/brainflayer-password-cracker-steals-bitcoins-brain/

Thanks for the valuable input!

While the echo and OpenSSL commands leave it in your history, the Go program 
does not display it in history.

Also, when using a Windows computer without gpg4win installed, this could
maybe be useful too, because nobody would see that you have GnuPG installed,
and one installs it only after arrival.

Or one could use this technique with other symmetric encryption software, or
for login credentials, telling family and friends only the easy-to-use
password prior to departure, which can then also be changed daily with a
scheme like password = 'Holidays Day 1', next day 'Holidays Day 2', etc.

Well, just a thought ... because I thought about the entropy for a strong 
password, while it can be memorized
easily.

Regards
Stefan

-- 
my 'hidden' service gopherhole:
gopher://iria2xobffovwr6h.onion

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
