Hi all,

Posting once again to both lists as I figure this is of interest to either
party. This is another one about encryption.

I'm curious about the relationship between a passphrase and a private key
when it comes to GPG/PGP encryption. Does a passphrase affect a private
key's eventual value when creating said key, or are the two completely
separate? I know that, with GnuPG on Linux, the output asks the user to
perform various tasks (disk I/O, mouse movements, etc.) to guarantee
ultimate "randomness" during the generation process, but is the chosen
passphrase also tied into the generation algorithm?

Further to that, when it comes to selecting a new passphrase down the road
- is it better practice to delete the existing key and generate a new one
with a different passphrase (after ensuring the existing key is no longer
needed, of course), or to just edit the passphrase using: *gpg --edit-key*?

This whole field is new to me and it's evident that even the slightest slip
of the mind or lapse of judgement can compromise your entire efforts.

Aaron