RE: https://mstdn.ca/@upofadown/116228633551820031
1. On key storage: Theoretically, you are absolutely right: a strong passphrase is mathematically enough. But as you mentioned, the human factor is the bottleneck. That's why defense in depth (like keeping the key offline or on a hardware token/smartcard) is still highly recommended. It bypasses the passphrase usability issue entirely.
2. OCB is about having stronger, mathematically proven guarantees against ciphertext malleability.
New article: Security Theater: Why "Easy Crypto for Foolish People" is Killing PGP