|
|
|
|
|
|
by achivetta
4348 days ago
|
|
|
I think the hesitations about passphrase being subject to brute force, rainbow table, etc. are warranted, but I have another concern: If my passphrase gets compromised, I have to retire the keypair. That's true of a key file with current asymmetric systems; but, presently if the passphrase of my GPG private key is compromised (e.g. by a hardware key logger), I only have to change the passphrase and ensure the old keyfiles are destroyed. With MiniLock, if my passphrase is compromised the entire key material is compromised and I need to revoke the public key. But how do I revoke it? Do I tweet a message with the private key saying the public key is revoked? Will there be a centralized place to publish revocation messages? Efficient key revocation will be absolutely critical to this system and that's hard if the key distribution mechanism is tweets or some other ad hoc mechanism. This is one thing that PGP key servers really help with. |
|
|