[arch-general] How long do you make the passphrase for the private key?

Emil Lundberg lundberg.emil at gmail.com
Tue Jun 25 01:00:32 UTC 2019

I think the fact that it's not possible to be perfectly safe is not a good
reason to not earnestly consider what you _can_ do to try to protect
yourself. Of course you won't stand a chance if a nation-state is
determined to get you, but that doesn't mean you should just give up and
wing it, because the most relevant threats are probably much less capable
in most cases. It's still a good idea to try to quantify one's threat model
and what it would take to protect yourself, and then make a (somewhat)
educated decision on how much effort one is willing to spend on it.


On Tue, 25 Jun 2019, 01:14 Ralf Mardorf via arch-general, <
arch-general at archlinux.org> wrote:

> You want to make the packages available for general use. Does general
> use require behavioral biometric verification and spring guns?
> Black hats are able to hack Google and Facebook, what ever you
> will do, you never ever will be able to reach the level of security
> those and the other most successful computer related companies are able
> to accomplish.
> IMO an averaged "strong" but still memorizable passphrase, even when
> following obsolet rules, is ok.

More information about the arch-general mailing list