[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: PGP help and comments.
> [lost attributions, sorry]
So did I! ;^)
> >> I could do an ascii upload of my secret key and never expose my
> >> key to disk-storage.
> > This is even more dangerous than storing it on the disks of a multi-user
> > machine. Unless you are running in a kerberos environment it is trivial to
> > snoop your upload off the network...
> I don't find the risk of a real-time snoop to be as bad as the risk
> of a future snoop finding my private key alongside encrypted files that
> have been stored forever (backups).
I am the writer of the original post, and I quite agree with the responce that
said that this was a bad idea. The whole point in being secure, is being as
secure as possible.
> To mitigate either problem, how about having two layers of encryption: a
> private key to decrypt files for reading on a public machine, and a second
> public/private pair to reencrypt the files for storage and
> transmission to the home machine. The public machine knows
> the first private key (if snooped) and the second public key; only the
> home machine knows the second private key. Snooping the first private
You still have to store a secret key somewhere. And to do that, you must trust
your system administrater.....
> key compromises only unread and future messages until the key is
> changed. Messages archived in the reencrypted state are secure, but
> messages archived in the unread state with the first private key are
> still compromised forever. Is backing up mail directories a common
> practice? Are there (probably system-dependent) ways to avoid backups,
> such as anticipating or detecting when backups are about to occur,
> hidden directories, file permissions, etc?
>
> Also, this system introduces some user hostility, in that
> reencrypted files cannot be read again until moved to the
> home machine.
It was suggested that I keep my public keyring on the mainframe and use it to
read mail. When I want to send mail, I encrypt it at home and upload it into
my mailer. This is what I do now. I forgot who you were, but you gave me a
good idea. Thanx.
> Another idea is to implement the relevant features of Kerberos in
> a high-level client/server package that can be used to secure personal
> network communications of this kind. The package could be distributed
> with PGP.
What are these features? I don't know what kerberos is.
+----------------------+----------------------------------------------------+
| J. Michael Diehl ;-) | I thought I was wrong once. But, I was mistaken. |
| +----------------------------------------------------+
| [email protected]| "I'm just looking for the opportunity to be |
| Thunder@forum | Politically Incorrect! |
| (505) 299-2282 | <me> |
+----------------------+----------------------------------------------------+