[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: quetion about Multi-user systems
The problem of managing PGP between your PC at home (whether DOS, Mac, or Unix)
and insecure machine at work/school/email-seller comes up a lot.
One way to handle it is to only do PGP at home, which is inconvenient,
but you can at least use workarounds like logging into the work system from home,
uploading the file with kermit or reading directly with POP,
decrypting, and reversing the process to respond.
A much less secure way is to only read it at work :-)
An intermediately insecure approach, depending on how paranoid you are,
is to have two public keys, a more secure one you use only at home,
and a less secure one (which you might as well use a short key for)
that you use for mail sent to your work account, and make sure you
only connect to directly, not from dumb terminals on terminal servers
or dialins, both of which may go across a LAN. Since PGP lets you store
multiple keys on your secret key ring, you *can* have your home machine
know about both keys, so you can upload and read the work mail at home.
Of course, if you want a really insecure approach, you can attach a modem
to your home system so you can kermit in to it from work, upload the file,
and decrypt it there, typing your "high security" password on the
multi-user Unix box across some LAN to a modem pool on a terminal server,
leaving 3-4 opportunities for someone to listen.
What do I do? I used to not have a PC, so I did my PGP on my diskless
workstation, which was rabidly insecure, and indicated in my key's
user-description field that it was a multi-user system.
Now I do my work computing on a laptop, so it's the only placve I do PGP,
and it's ViaCrypt for legality.
BIll
# Bill Stewart AT&T Global Information Solutions, aka NCR Corp
# 6870 Koll Center Parkway, Pleasanton CA, 94566 Phone 1-510-484-6204 fax-6399
# email [email protected] [email protected]
# ViaCrypt PGP Key IDs 384/C2AFCD 1024/9D6465