(Summary: Cryptographically signing messages with my long-term PGP keys is […] Doing this on my Android telephone is easier than I […] You should strengthen your secret key encryption if you’re also […]

Recently, Filippo Valsorda, cryptography expert and TLS guy at Cloudflare, wrote that he was giving up on PGP, or at least on long term PGP keys.

I agree with many of his points, especially the complexity of managing those keys, lack of forward secrecy (if someone were to steal my keys, they could decrypt all past conversations, unlike for example Signal) and accessibility (how do you verify a message with a baby on your left arm and your telephone […]

More generally, it makes a great deal of sense to make your security a moving target, as one of the Ars Technica commenters astutely summarised Filippo’s ideas.

However, in spite of these factors, I am not yet ready to give up my PGP long-term keys.

Well, one of the most important uses of my long-term PGP keys is to cryptographically sign messages that can be verified by people in my network […]

For example, when I change my phone or re-flash its firmware (this has happened 3 or 4 times over the past two months because Android), I send PGP-signed messages to my main Signal correspondents with our new safety […]

With all of these correspondents I have in the past either done some sort of in-person formal PGP signing procedure, or I make use of the web of trust, or […] have my key fingerprint on them (yes, I’m one of those nerds).

At their ends, the recipients of my messages are able to determine with an extremely high degree of confidence that I wrote the exact message they […]

Accessible PGP on your smartphone with OpenKeychain

In terms of accessibility, the post did make me curious enough to experiment with a mobile PGP solution, as I also did have to agree that I’ve in the past often had to wait until I was behind one of my own laptops or […]

It’s tricky to verify a message with a baby in your left hand and a telephone in your right!

Strengthen your secret key encryption

OpenKeychain to the rescue!

Seeing that I was planning on carrying my long-term private keys around on my telephone (BlackBerry PRIV, FDE encryption active FWIW), I had to double-check the security of the secret key encryption.

It turns out that PGP encrypts each of your secret keys with a hash of the […] My passphrase is significantly longer than the average, and consists of random characters (uppercase, lowercase, numbers, […] Passphrase length and complexity is by far the most important factor determining the safety of your encrypted secret key.

However, I had the default SHA-1 hash (ouch) with only 64k […] Iterating the hash is called key stretching: the […]