>Date: Sat, 19 Aug 2006 21:17:58 -0400 >From: David Shaw <[EMAIL PROTECTED]> >Subject: Re: Don't store your key on a flash drive! [was Re: GnuPG > (GPG) Problem]
[...] >> there's nothing inherently dumb about putting a private key on a >USB >> dongle as long as the passphrase is sufficiently strong. > >This is quite correct and frequently misunderstood. After all, >the >secret key encryption is essentially the same symmetric encryption >that is used to encrypt messages. If you're trusting it to >protect >your messages, you probably should trust it to protect your key as >well. if the secret key was generated before the fix of the * quick-check * problem of PGP symmetric encryption, http://eprint.iacr.org/2005/033 then does the passphrase need to be changed with a newer version of gnupg, or did this only apply to symmetric encryption of messages, and not symmetric encryption of the secret key? TIA, vedaal Concerned about your privacy? Instantly send FREE secure email, no account required http://www.hushmail.com/send?l=480 Get the best prices on SSL certificates from Hushmail https://www.hushssl.com?l=485 _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
