[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: one time pads

Physical security is not a big issue for RSA (in the pgp implementation)
because the secret key ring is itself encrypted.  The problem is not so much
physical-intrusion-to-get-the-key as it is physical intrusion aimed at
modifying software.  It would be easy to modify pgp so that the keys are
logged, etc, in a way transparent to the user.  This is why it is important
to keep both the keys and the software that manipulates them off line.  It
is also important to keep the software from being tampered with.  The best
way to do this is to put the keys and the software on a hard disk, and put
the hard disk in a computer, and carry the computer with you whereever you