> I don't see any way to protect users against forgetting their encryption passphrase, or losing their private key, without offloading trust somewhere.
Private keys are obviously an issue, but I don't really get why passwords are considered so important.
I like to use GPG when I can for communicating with people, but most of the things I put on it are less private than what you would get if you got my computer.
I don't think passwords protect you if the attacker can install a keylogger (correct me if I'm wrong), so anyone with hardware access or malware isn't going to be stopped. You are only protecting against people that can read files from your computer but not install hardware/software.
I think for the average user the password provides little extra security while having a high UI cost.
Private keys are obviously an issue, but I don't really get why passwords are considered so important.
I like to use GPG when I can for communicating with people, but most of the things I put on it are less private than what you would get if you got my computer.
I don't think passwords protect you if the attacker can install a keylogger (correct me if I'm wrong), so anyone with hardware access or malware isn't going to be stopped. You are only protecting against people that can read files from your computer but not install hardware/software.
I think for the average user the password provides little extra security while having a high UI cost.
reply