Re: Password Protecting GPG Keys

On 2014-06-16 14:01, Thorsten Glaser wrote:
> Russell Stuart <ras <at> debian.org> writes:
>> messages.  One of the reasons raised for not doing it is some felt
>> uncomfortable carrying around their GPG keys when travelling.
>> My initial reaction was "that's being overly cautious" particularly
>> given that signing every message doesn't mean you have to carry around
>> your master key.  However, it did make me wonder just how safe a GPG key
>> (or indeed any file) is, if it is protected by a password and nothing
>> else.
> You completely miss http://xkcd.com/538/

The $5 wrench people could also break into my apartment anytime they
wanted; that doesn't mean I don't lock the doors anyway.

When I take security precautions, I'm mostly thinking about the person
who might steal my laptop, or rob my apartment when I'm on vacation.
Those are very real threats and for data, they can be mitigated very
easily, to some extent. There is nothing irrational about that.

That comic is just a stab at *irrational* people. Like, people who
actually believe a government would build a multi-million-dollar
computer just to brute-force *their* keys.

> and the fact that some
> legislations may require you, with jail penalty, to hand over
> any encryption keys, passwords, etc. you have with you when
> inside their territory.

While that is sadly true, AFAIK all those legislations still require at
least good cause, but more usually a court order, to do so.


