[clue-tech] Some thoughts about GnuPG.

Jed S. Baer cluemail at jbaer.cotse.net
Sat Sep 4 17:50:03 MDT 2010


On Sat, 04 Sep 2010 17:32:31 -0600
David L. Anselmi wrote:

> So we'll talk about that at installfest.  There do seem to be levels to
> signatures (see Signature Types in RFC 4880).  To make those meaningful
> you'd have to have a personal policy like this:
> http://www.mattb.net.nz/keys/

I haven't looked at gpg for a bit, but I don't recall ever running into a
checkbox for key type. Only trust level.

> (Not much different than the
> current problem with identity theft, except that *you* are suffering
> from the lack of care by *others*.)

Yep, that's the problem. To say nothing of people carelessly forwarding
things. I've noticed that the modus operandi of newcomers to electronic
communication is to just forward stuff.

> > Although I do have a few memory tricks in mind for these sorts of
> > things, my other worry is that I won't be able to remember a
> > passphrase of sufficient complexity.
> 
> Smart cards are probably pretty useful for this problem.  I expect to
> use a pretty long phrase for both the live CD file system and the
> private key passphrase.  And a shorter one for the sub keys I keep on
> my laptop.  (Is length better than complexity?  I forget.  Longer will
> probably be less complex and shorter will be more complex.)

Well, I was using 'complexity' as a proxy for entropy, which I admit I
still don't really understand anyway, so maybe that was a bad thing to
do. But it's possible for long keys to be less complex than shorter ones.
At least the way I'm using the term. Suppose you use only capital letters
in your phrase. A somewhat shorter phrase which uses mixed case,
punctuation, numbers, and spaces, is better. I hope that made sense. ;-)

-- 
Ok, so we should be thinking of a lovable, cuddly, stuffed penguin
sitting down after having gorged itself on herring. Still with me? 
 -- Linus Torvalds
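As an added example (not part of the thread), Jed's point about length versus character set can be put into numbers: a brute-force search space is alphabet_size ** length, so a 20-character all-caps phrase has a smaller search space than an 18-character phrase drawing on all 95 printable ASCII symbols. The character classes and sample phrases below are constructed; the estimate assumes every character was picked uniformly at random, which real phrases are not.

```python
import math
import string

# Character classes an exhaustive search must include once any member of the
# class appears in the phrase (together: the 95 printable ASCII symbols).
CHARACTER_CLASSES = {
    "lowercase": set(string.ascii_lowercase),
    "uppercase": set(string.ascii_uppercase),
    "digits": set(string.digits),
    "punctuation": set(string.punctuation),
    "space": {" "},
}


def charset_size(phrase: str) -> int:
    """Size of the smallest union of classes that covers every character."""
    size = 0
    for members in CHARACTER_CLASSES.values():
        if any(ch in members for ch in phrase):
            size += len(members)
    return size


def entropy_bits(phrase: str) -> float:
    """Upper bound on search-space entropy: length * log2(alphabet size).

    Only valid for uniformly random characters; dictionary-word phrases
    have far less entropy than this. It is enough to compare the effect of
    alphabet size against length, which is the point under discussion.
    """
    size = charset_size(phrase)
    if size == 0:
        return 0.0
    return len(phrase) * math.log2(size)


def stronger(phrase_a: str, phrase_b: str) -> str:
    """Return whichever phrase has the larger brute-force search space."""
    return phrase_a if entropy_bits(phrase_a) >= entropy_bits(phrase_b) else phrase_b


if __name__ == "__main__":
    # Constructed samples: a longer all-caps phrase and a shorter mixed one.
    long_caps = "THEQUICKBROWNFOXJUMP"   # 20 chars, alphabet of 26
    short_mixed = "Gorged Tux: 4 fish"   # 18 chars, alphabet of 95
    for p in (long_caps, short_mixed):
        print(f"{p!r}: {len(p)} chars, alphabet {charset_size(p)}, "
              f"~{entropy_bits(p):.1f} bits")
    print("stronger:", repr(stronger(long_caps, short_mixed)))
```

The all-caps phrase comes out near 94 bits and the shorter mixed one near 118 bits; the figures are upper bounds, so treat the comparison, not the absolute numbers, as the lesson.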

