There was a thread on d-private in early March about the benefits and downsides to to requiring every DD and aspiring DD to sign their messages. One of the reasons raised for not doing it is some felt uncomfortable carrying around their GPG keys when travelling. My initial reaction was "that's being overly cautious" particularly given there signing every message doesn't mean you have to carry around your master key. However, it did make me wonder just how safe a GPG key (or indeed any file) is, if it is protected by a password and nothing else. To put the problem in precise terms: Lets say I had a bitcoin wallet with keys controlling $10M worth of coins. (A figure is needed because it determines the upper bound on the amount of effort a rational attacker would devote to the problem.) Is it possible to put an encrypted version of that file in a public place on the web, so that everybody knew what it was worth, and have it protected by a password I could be comfortable in remembering in a couple of years time, and be sure it is safe. "Sure it is safe" here means it is going to cost the attacher more than it's worth. It turned out to be a far more interesting question than I first supposed. To cut to the chase, I think the answer is yes - it is possible. But not with the tools shipped by Debian today  . I have up a web page explaining what you have to do to protect such a file, together with a tool that makes it possible (but possibly not convenient enough for everyday use). You can find it here: http://pbkdf2.sourceforge.net (don't be put off by the name.) Maybe it will convince some of you it is possible to carry your gpg key around with you - or at the very least store it in the web somewhere so you can get to it when you need it.  Debian does include scrypt, which is what I based my program on. Unfortunately it lets you set the maximum strength of the expanded key, but not a minimum. That's not quite what I was after.  And since it isn't possible with the tools available on Debian, that means my gut "he's being overly cautious" reaction was wrong.
Description: This is a digitally signed message part