Physical storage of key is the weakest link
Andrew Purshottam
andy at autodesk.com
Fri Jul 1 15:48:09 PDT 1994
[good discussion of how the pass phrase is more guessable
that the secret key deleted ]
>> In short, these are reasons to keep your secret key secret. Your
>> passphrase alone may be insufficient (else why not just dispense with
>> the secret key and just have a passphrase?).
Well, because the secret key is part of a <secret key, public key> pair,
and is thus some un-rememberable number, rather than a hash of something
rememberable.
More information about the cypherpunks-legacy
mailing list