>> I'm going to lean very far out the window and assume he meant the actual >> private key, not the private key-ring/-file/... > > I'm not sure I understand the distinction you're making there.
One is protected with a passphrase (i.e. it's encrypted), the other is in the clear. If I manage to steal your private keyring, then yes the very strong passphrase should grind my attempts to steal your key to a halt. If I manage to steal your private _key_ OTOH, I don't need to get past your passphrase as that doesn't come into play. cf. "Your private key being stolen isn't really that big of a deal." -- PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
