Am So 19.10.2014, 21:10:20 schrieb Peter Lebbing: > It is clear you are not working on the same assumption as I did: that > there were already good passphrases on the keys, because this is > simply good practice
A good passphrase doesn't help against online attacks. The usual protection against offline attacks is volume encryption. Thus a strong passphrase (and who wants to enter that often?) is useful for those people without volume encryption only. But my experience is that many people do not use a good passphrase even without volume encryption. We have to accept that. But it seems to me to make sense to suggest a better passphrase at least for key files which are send via email or stored on USB sticks. > Have you thought of a way to only have to enter a password once and > use that for each (sub)key you wish to change, without keeping it in > swap-eligible memory? No. Why should that be better / easier than encrypting the whole archive? Especially as there may be other information in ~/.gnupg which you don't want to become public. > Perhaps you could elaborate on the procedure you have in mind. 1) Select the files. 2) Create the archive. 3) Encrypt the archive. (I just realize that gpg-zip does not encrypt the whole archive) Hauke -- Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/ http://userbase.kde.org/Concepts/OpenPGP_Help_Spread OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
