> What are your views on keeping .gnupg folder in cloud? Potentially foolish, but not for the reason you might expect.
I've often said I'm willing to publish my keyrings in the _New York Times_. I'm not being facetious. My passphrase is 128 random bits from /dev/urandom -- a bear to memorize, but it means if my private key gets published in the newspaper I have nothing to fear (except, perhaps, someone deciding to torture me to get my passphrase: an event that I find unlikely). But the .gnupg folder contains a few sensitive files, such as random_seed. If you publish your random seed, it's theoretically possible for someone to determine the internal state of your random number generator, and at that point you've got a serious risk to the confidentiality and integrity of your communications. If I recall correctly, not all platforms use random_seed. The basic lesson remains the same, though. There are files in .gnupg which probably should not be stored in the cloud. :) _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
