Re: Safemail
On 20 Jun 96 at 12:28, Andrew Loewenstern wrote:
[..]
> There are other, more serious, drawbacks to such a scheme though. You can't
> change your passphrase without changing your public key. People can try to
> guess your passphrase with only your public key. Crack can guess people's
> account passwords something like 24% of the time. I doubt the average Joe
> would use much better passphrases for their secret key. That's a scary
> thought!! At least with PGP someone has to get a copy of the encrypted
> secret key first.
You could require *very good* passphrases.
Rather than changing a passphrase, revoke the key. Perhaps expire
keys after a certain period of time.
Longer lasting keys (such as a digital timestamp service) would save
private keys with a protected password instead.
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 [email protected] (root@magneto)
AB1F4831 1993/05/10 Deranged Mutant <[email protected]>
Send a message with the subject "send pgp-key" for a copy of my key.
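
The two drawbacks raised in the quoted text, as an added example that is not part of the original message and is not Safemail's code: a toy discrete-log keypair derived only from a passphrase, showing that a new passphrase yields a new public key and that the public key alone is enough to test a passphrase guess. SHA-256, the modulus 2**255 - 19, the base 2, the function names and the wordlist are all assumptions made for illustration.

```python
import hashlib
from typing import List, Optional, Tuple

# Toy parameters (assumptions for illustration, not Safemail's actual scheme).
P = 2**255 - 19  # a well-known prime, used here as the modulus
G = 2            # base of the toy discrete-log keypair


def derive_keypair(passphrase: str) -> Tuple[int, int]:
    """Derive (private, public) from the passphrase and nothing else."""
    digest = hashlib.sha256(passphrase.encode("utf-8")).digest()
    private = int.from_bytes(digest, "big") % (P - 1)
    public = pow(G, private, P)
    return private, public


def passphrase_changes_key(old: str, new: str) -> bool:
    """True if switching passphrases produces a different public key."""
    return derive_keypair(old)[1] != derive_keypair(new)[1]


def passphrase_in_wordlist(public: int, wordlist: List[str]) -> Optional[str]:
    """Audit check: can this public key be reproduced from a listed passphrase?

    No secret-key file is needed, only the published key, which is the
    difference from PGP that the quoted text points out.
    """
    for candidate in wordlist:
        if derive_keypair(candidate)[1] == public:
            return candidate
    return None


# Constructed sample data: a tiny list of weak passphrases to audit against.
WEAK_WORDLIST = ["password", "letmein", "magneto", "qwerty"]

if __name__ == "__main__":
    _, weak_pub = derive_keypair("letmein")
    _, strong_pub = derive_keypair("constructed long phrase 7 zebra quilt anvil")
    print("weak key matched by:", passphrase_in_wordlist(weak_pub, WEAK_WORDLIST))
    print("strong key matched by:", passphrase_in_wordlist(strong_pub, WEAK_WORDLIST))
    print("new passphrase => new key:", passphrase_changes_key("letmein", "letmein2"))
```
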