Using private keys on "insecure" multi-user systems for fun and profit!


[The following is being posted to alt.security.pgp, sci.crypt, and
cypherpunks and e-mailed to my friend Sebastian.  -Bryce]

Ed Pugh writes that he doesn't sign all his e-mail because he doesn't have a
decent off-line news/mail setup.  I strongly suggest to Ed, and all others
who have this complaint (of whom there seem to be many), that they go ahead
and generate a "reduced security" key pair for use on-line.  That is, the
private key will be accessed while you are on-line so that it is easy for you
to use it for routine signing and encryption/decryption.

There are at least 3 good reasons to do this:

1.  Even though a hacker or sysadmin on your system can then read your mail
or fake mail from you, at least a hacker or sysadmin on *my* system can't
read my mail to you or fake mail from you to me.

2.  "Think of it as a form of solidarity."  If everyone used these "reduced
security" keys, and the hypothetical Big Brother police organizations want 
to routinely scan e-mail for keywords or something, they would have to 
secretly get access to every ISP and freenet in the country!  By 
transmitting your e-mail in the clear you are making their job a lot 

3.  The more people have "-----BEGIN PGP SIGNED MESSAGE-----" in their 
UseNet posts and e-mail, the more people will say "Hey what is this PGP 
stuff?" or "Hey, everyone seems to be using PGP, maybe I should get in 
on it."

  By using a "reduced-security" private key you are gaining some of the 
advantages of public-key cryptography for yourself as well as contributing 
to its widespread acceptance in net.society.

  (You might think that most people on the Internet know about PGP, but this
is not true.  Only a fraction have even heard of it, and only a *small*
fraction have any understanding of it.  A small fraction of *that* population
uses it regularly, which is what I am trying to change.)

Ed wrote that he downloads text to his home computer and signs it with his
high-security private key there when he feels that it is important enough.
He should continue to do this!  I have one key which I keep on my home
computer (and which my more paranoid friends like to use) and one which I
keep on colorado.edu computers.  (Both keys have signed each other, by the

I know that Zimmermann specifically warns against what I am suggesting in
pgpdoc1.txt, and I think that it is a mistake for him to do so.

In short, there is no reason why every PGP-aware individual should not
at least clearsign if not encrypt every message which he or she transmits.  
There are several advantages to doing this and no disadvantages.

The greatest threat to security is that people don't use it!  Help change 
that by encrypting/signing *all* of your output.


In alt.security.pgp, Ed Pugh <[email protected]> wrote:
>Not to mention the fact that it is a major PITA for those of us who
>do not have a decent off-line news/mail program.  My main connection
>to the net from home is the National Capital FreeNet here in Ottawa.
>It is the main reason why I do not sign my posts.  I do (and have done)
>if I feel that a posting is somehow "important" enough to warrant a
>signature, but those tend to be *very* rare.
>From home, I use a dial-up access with a PC terminal emulator program
>(I use TELIX).
>The three or four postings in this thread which were encrypted had to
>be down-loaded (using screen capture), then decrypted in DOS.  It would
>be nice to have a decent off-line reader/editor but .... <sigh>.
>Please let's keep postings in the clear.  If I feel a need to verify a
>signature, I will (using the method above).

Version: 2.6.2
Comment: Auto-signed with Bryce's Auto-PGP v1.0beta Unix script