Red Hat DIRECTORY SERVER 8.1 - 11-01-2010 Manual de usuario descargar pdf (Pagina 98)

12. Notes, Tips & Tricks

12.1. How to choose a good passphrase

The passphrase is the last line of defence to your private key, should your key

pair fall in enemy hands. This might happen more easily than you think, by

means of someone stealing your laptop, a malware uploading your private

documents from your infected machine to a rogue server, or simply by your

momentary thoughtlessness when you distribute your whole key pair instead of

your public key.

With your secret key and your passphrase, anyone can impersonate you by

signing messages on your behalf, and decrypt messages that were intended for

your eyes only.

Luckily, the passphrase provides a quite good protection, since it encrypts the

private key with a strong cipher. It is important that you choose a strong

passphrase that could not be easily cracked by password guessing or brute-

force programs. In this section we illustrate some criterion to do so.

GnuPG/Enigmail also allow you to not set a passphrase on your key pair. This

is absolutely not recommended, and should be done only in exceptional

circumstances, for instance when non-interactive processing is needed.

Do not use the following as your passphrase:

Your name, address, age, date or place of birth, car license plate, the

name of your spouse, children, parents, pets, or any other information

related to you;

Words in any language/dialect, past or present, real or imaginary, e.g.

French, Cockney, Latin, Elven, and Klingon;

Names of real or fictitious people or places;

Names of movies, songs, music bands, groups, and such;

Obvious sequences of letters and/or numbers e.g. abc123, qwertyu,

YYYYYYYY

1 2 ... 93 94 95 96 97 98 99 100 101 102 103 104 105 106

Sin comentarios

Red Hat DIRECTORY SERVER 8.1 - 11-01-2010 Manual de usuario Pagina 98