1. 12

  2. 7

    This practice is a tiny marginal gain, backing up a few k of data, against the risk of a significant loss: the key, identity, and every account or system it leads to. Don’t be reckless.

    1. 4

      I have read many of the author’s blog posts. He’s quite brilliant. Should I trust that he knows what he is doing?

      1. 6

        You should evaluate every idea on its merits.

        In this case you don’t have to be brilliant or even know anything about encryption to judge it. Is the benefit of backing up a single small file greater than the risk of losing your GPG key and every system it leads to?

      2. 3

        Even if someone has his secret key ring, each key in it is strongly encrypted with its own unique passphrase. I don’t think this is reckless.

        1. 1

          Importantly, there is no reason you can’t have multiple private keys, and only share the ones used for things you could not afford to lose. This is a good option for data backup, but, for example, if you’re using PGP to encrypt messages of a sensitive nature, and you don’t necessarily trust that your passphrase is secure enough, you could just keep those keys to yourself.

        2. [Comment removed by author]

          1. 5

            I emphasized the size because it’s easy to back up, even a paper printout in a bank box can work. That catastrophic loss is my second point on risk.

            1. 3

              Good point, I can agree with you.

          2. 3

            I agree, thanks for the comment here and in IRC.

          3. 1

            The things stopping an attacker are not having your private keys and not having your passphrase. It would take many tries to iterate through and guess those things. You just gave them your private keys, narrowing down the search space significantly. Computer power gets better and better each year; I wouldn’t help the attackers further by sharing part of the solution.
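An added example to put numbers on the point made in the last two comments (this is not code from anyone in the thread). Once the encrypted secret keyring is in an attacker’s hands, the only secret left is the passphrase, and the cost of each guess is set by OpenPGP’s iterated-and-salted S2K function (RFC 4880, section 3.7.1.3), whose one-byte count decodes to the number of bytes hashed per guess. The attacker throughput figure and the passphrase sizes below are assumptions chosen for illustration, not measurements.

```python
# Added example: estimate how long an offline passphrase search takes once the
# encrypted secret key itself is public, so the passphrase is the only secret.
import math


def decode_s2k_count(c: int) -> int:
    """Decode the single OpenPGP S2K count byte into bytes hashed per guess.

    RFC 4880 3.7.1.3: count = (16 + (c & 15)) << ((c >> 4) + 6).
    0x60 decodes to 65536, the historical GnuPG default; 0xFF is the maximum.
    """
    if not 0 <= c <= 255:
        raise ValueError("S2K count byte must be in 0..255")
    return (16 + (c & 15)) << ((c >> 4) + 6)


def passphrase_entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a passphrase of `length` symbols drawn uniformly from an
    alphabet of `alphabet_size` symbols (a human-chosen phrase has less)."""
    return length * math.log2(alphabet_size)


def expected_years_to_guess(entropy_bits: float, s2k_count: int,
                            hash_bytes_per_second: float) -> float:
    """Expected years for an attacker holding the encrypted key to find the
    passphrase offline, trying half the space on average.

    hash_bytes_per_second is the attacker's hashing throughput; the value the
    caller passes is an assumption about their hardware, not a fact from the
    thread.
    """
    expected_guesses = 2 ** (entropy_bits - 1)
    seconds_per_guess = s2k_count / hash_bytes_per_second
    return expected_guesses * seconds_per_guess / (365.25 * 24 * 3600)


def compare_s2k_settings(entropy_bits: float, hash_bytes_per_second: float) -> dict:
    """Show how much the S2K count alone changes the attacker's cost for the
    same passphrase (constructed comparison of the default and maximum counts)."""
    return {
        "default_0x60": expected_years_to_guess(
            entropy_bits, decode_s2k_count(0x60), hash_bytes_per_second),
        "max_0xFF": expected_years_to_guess(
            entropy_bits, decode_s2k_count(0xFF), hash_bytes_per_second),
    }


if __name__ == "__main__":
    rate = 1e9  # assumed attacker throughput: 1 GB/s of hashing
    for words in (3, 5, 7):
        # assumed 7776-word diceware-style list, so ~12.9 bits per word
        bits = passphrase_entropy_bits(words, 7776)
        years = compare_s2k_settings(bits, rate)
        print(f"{words} words ({bits:.1f} bits): "
              f"default S2K {years['default_0x60']:.2e} y, "
              f"max S2K {years['max_0xFF']:.2e} y")
```

The takeaway is the one the commenter makes in words: with the key file public, nothing but passphrase entropy and the S2K work factor stands between an attacker and the key, and both are fixed choices you made at key creation, while attacker throughput keeps rising.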