Second, crypto experts say that user-remembered keys are not secure. A weak key may even weaken the strongest algorithm, because its entropy is lower. So, if difficult keys with good entropy are generated, a user cannot remember them. He needs to jot them down. But jotting them down again compromises security. Then what is the solution?
A keyring is simply a file with keys in it. Typically public keys, and typically the term is used for PGP public keys. With PGP, we talk about a public keyring and a private (or secret) keyring. Obviously, a secret keyring contains secret keys.
Those keys are protected with a symmetric cipher, such as TripleDES, CAST or Blowfish. You can find the full gory details of how this all works in RFC2440 at http://www.ietf.org/rfc/rfc2440.txt. (Full disclosure: I'm one of the authors of RFC2440.)
A more complete, but perhaps inexact, description of how this works is as follows: You take someone's passphrase and hash it with SHA-1. That becomes the key that is used to encrypt the actual secret half of the key pair.
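The passphrase-to-key step described above, written out as an added example (not code from the column or from any PGP implementation) following the string-to-key description in RFC 2440 section 3.6.1.3: the passphrase is hashed with SHA-1, extra hash contexts preloaded with zero octets supply key material longer than one digest, and the salted and iterated variants feed the hash a salt plus many repetitions so that each guess costs the attacker more. The passphrase, salt and coded count below are constructed demo values.

```python
import hashlib
from typing import Optional

EXPBIAS = 6  # RFC 2440 section 3.6.1.3

def decode_count(coded: int) -> int:
    """Decode the one-octet S2K count into the number of octets to hash."""
    return (16 + (coded & 15)) << ((coded >> 4) + EXPBIAS)

def s2k(passphrase: bytes, key_len: int, salt: bytes = b"",
        coded_count: Optional[int] = None, hash_name: str = "sha1") -> bytes:
    """RFC 2440 string-to-key: derive key_len octets of symmetric key from a passphrase.

    No salt and no count is Simple S2K (hash the passphrase once); a salt alone is
    Salted S2K; salt plus coded_count is Iterated and Salted S2K.
    """
    if not passphrase:
        raise ValueError("empty passphrase")
    digest_len = hashlib.new(hash_name).digest_size
    # One hash context per digest_len octets of key; context i is preloaded with i zero octets.
    contexts = [hashlib.new(hash_name) for _ in range(-(-key_len // digest_len))]
    for i, ctx in enumerate(contexts):
        ctx.update(b"\x00" * i)
    data = salt + passphrase
    # Octets to hash: the decoded count in iterated mode, but never less than one full salt+passphrase.
    remaining = len(data) if coded_count is None else max(decode_count(coded_count), len(data))
    while remaining > 0:
        chunk = data[:remaining]  # the last repetition is cut off at the octet count
        for ctx in contexts:
            ctx.update(chunk)
        remaining -= len(chunk)
    return b"".join(ctx.digest() for ctx in contexts)[:key_len]

# Constructed demo values (not from the column): an 8-octet salt as the RFC specifies,
# and coded count 0x60, which decodes to 65536 octets hashed per derivation.
DEMO_PASSPHRASE = b"correct horse battery staple"
DEMO_SALT = bytes.fromhex("0123456789abcdef")
DEMO_CODED_COUNT = 0x60

def demo() -> dict:
    return {
        "simple_3des": s2k(DEMO_PASSPHRASE, 24),  # 192-bit TripleDES key needs two SHA-1 contexts
        "iterated_cast5": s2k(DEMO_PASSPHRASE, 16, DEMO_SALT, DEMO_CODED_COUNT),
        "octets_hashed": decode_count(DEMO_CODED_COUNT),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value.hex() if isinstance(value, bytes) else value)
```

Simple S2K makes the key a pure function of the passphrase, so identical passphrases give identical keys across users; the salt removes that, and the iteration count sets how expensive each guess is, which is the knob the RFC offers against the low-entropy passphrases the column discusses.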
You are correct in that the weakest part of a cryptosystem is usually the passphrase that unlocks the user's secret key. What you do about it is balance the risks, threats and what you're trying to protect.
Security never exists in a vacuum. This is easy for tech people to forget. It is important to keep in mind what you're protecting and from whom. A passphrase jotted down and kept in your wallet isn't necessarily a bad thing. Typically, you'd think that an attacker is going to have to mug you to get it, and someone who would resort to violence to get a passphrase is a pretty determined attacker.
Now of course, balancing this is the information you're protecting. It's one thing to write down the passphrase you use to protect this quarter's marketing plans. If it's the secret whereabouts of Osama Bin Laden or Dick Cheney, you might not want to do that (especially if they're both in the same place). If you don't want to have a passphrase, you could use something like a smart card. A smart card can store the key and require physical possession of an object to get it, which makes it a more interesting security problem than hacking a file off of a computer. Smart cards can also have an extra level of security with a PIN or something like that. A PIN is nothing more than a low-value passphrase.
The bad news for you is that there is no such thing as *the* solution. Security doesn't work that way. If there were a single size that fits everyone, we'd all be using it by now. The problem is that there is not only variation across people, but each and every one of us has information that needs to be protected reasonably well (like my bank account) and information that doesn't need to be protected very well at all (like my Web subscription to the New York Times).
This was first published in February 2003