On Thu, 10 Dec 2009 10:05:48 +0100
Werner Koch <wk(_at_)gnupg(_dot_)org> wrote:
Anyway, the protected password is something which gives you a bit of
time in case your key has been compromised. But in a real world
scenario it will never give you the protection of the public key
encryption. If someone can access your secret key - be it protected
not not - you are lost.
If this is the desired security guarantee, then the salted/iterated
hash is already more than sufficient to fulfill it, it will continue to
be sufficient for decades or centuries to come, and there's no reason to
change. But given the opportunity to make a stronger guarantee, I don't
understand why you'd be uninterested in taking it. IMO it's reasonable
for a user to expect that cracking a good passphrase on his private key
should be just as hard as factoring his public key.
Complexity is the worst enemy of a (security) software. With each
line of code we add more bugs. After all we would add a maybe better
algorithms in exchange for an increased probability of severe bugs.
Those bugs are the problems and not any password cracking machines.
No argument from me here whatsoever; I agree that this is always a
tradeoff to consider for any new code.
--
Daniel Franke df(_at_)dfranke(_dot_)us http://www.dfranke.us
|----| =|\ \\\\
|| * | -|-\--------- Man is free at the instant he wants to be.
-----| =| \ /// --Voltaire
signature.asc
Description: PGP signature