Hacker News new | ask | show | jobs
by Tharkun 3714 days ago
From my understanding, there are two passphrases. One to encrypt the private key in the usual way. And another one that's used for storage on the IMAP server.

The RNG is, as far as I can make out, only recommend to ensure that users don't use a weak passphrase.
1 comments
felixhammerl 3714 days ago
exactly. the passphrase for the private key isn't touched. the >24 chars passphrase is used for the symmetrically encrypted pgp message.
link
cvwright 3713 days ago
Oh, OK cool. As long as you're using a good KDF to seed the CSPRNG that sounds great. Thanks for the response.
link