On Wed, 3 Jan 2007 05:28, [EMAIL PROTECTED] said:

> It has been proved over and over that changing passwords often is bad. The
> reason, you ask? People write them down. Just like the people that put a
> post-it on the back of a debit card with the PIN.

With passphrases used to protect private keys there is another argument against the requirement to change a passphrase: The passphrase is designed as failstop measurement in case the private key ever leaks out. Now, if the private key has actually leaked, changing the passphrase won't help because breaking the old passphrase would reveal the same private key.

Even worse, if an attacker has access to (say) regular backups of the protected private key, a scheduled passphrase change will make it easier for him to break that protection. The chance that a dictionary attack succeeds gets better if there are more attack targets ultimately revealing the very same private key.

Shalom-Salam,

   Werner

_______________________________________________
Gnupg-users mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
