[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: public accounts / PGP / passphrases



-----BEGIN PGP SIGNED MESSAGE-----

- -----BEGIN PGP SIGNED MESSAGE-----

Thanks to Derek, Jonathan, Rich, Mike Duvos, and Scott Collins for the
responses to my query. It seems everyone agrees that the PGP private key is
not trivially breakable without the pass phrase, so I'm keeping my pass
phrase. All of the techniques mentioned were familiar to me, except this bit
from Mike Duvos:

> Given the state of Unix security, I would certainly not want to
> type my passphrase into a Unix box unless I was the only user,
> was directly connected to the box through a wire I could see, and
> had just done a fresh boot after verifying the MD5 hash on all
> the OS binaries.

Could you clarify where the `clean' copy of the hash of the OS is being
stored, if not on the machine in question ?

I must confess that I'm not personally prepared to push my machine into an
early grave by rebooting before I sign or encrypt anything. Besides, I'd be
pushing _myself_ into an early grave if I did that. YMMV.

I have a 386 at home, on which I suppose I could run PGP, but that doesn't
help. Why ?  Simply because going home to dial in is a major inconvenience.
Leaving aside my unwillingness to stay home in the evening just to use my
public account, it's utterly impossible for me to leave work during the
day whenever I want to use PGP. The only solution I can imagine is to keep
a notebook computer running Linux at work, and dial in to the DECstation
five feet away from my desk at work. I've no idea how to convince the tech
staff here to add a dedicated phone line to my lab for this purpose. Any
better suggestions on using PGP safely during the workday ?

- - -L. Futplex McCarthy; PGP key by finger or server  "We've got computers, 
we're tapping phone lines; I know that that ain't allowed" --Talking Heads

- -----BEGIN PGP SIGNATURE-----
Version: 2.6.1

iQCVAwUBLuLpDGf7YYibNzjpAQEu5gP8CVtFJwKVGalnl8c4F52vrfzK7NV3JRMh
AB2w9L8ePbpggSM65YGN4kkuUyS8BMi6sbLUS2GtupVK6/vaKK/kDngKMIB+XS5D
GOLbKy8iieEm7NEwO5C4cwV8qnRorQ1Ox+l+LaGPOc/pl+ecT4rJtEGlBbj9NZV0
4p8E6Kw/66w=
=BMWc
- -----END PGP SIGNATURE-----
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBLuLqOCoZzwIn1bdtAQHdcwF9FjHQgEomyI/m8ShddvEhCCbq4qbhPwEQ
NMk4ookuD8nTs0/ov3DKqDHfQrxwjeTU
=5rbF
-----END PGP SIGNATURE-----