[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Running PGP on Netcom (an

At 3:52 AM 9/12/94, SAMUEL KAPLIN wrote:

>What illusion of security? If I have my secret keyring residing someplace
>where I can't physically control who has access to it, no way is this
>keyring secure!! It goes against the definition of a secret. Once you tell
>someone a secret, It no longer is a secret. In effect this person has told
>Netcom his secret, therefore it no longer is a secret. Just because you're
>paranoid, doesn't mean they're not out to get you. Be paranoid!!

But keeping it on your home machine, the bad guys could break into your
house, set up a keyboard monitoring program, and get it that way.  Or if
they wanted to, grab you and force you to reveal your key.

It's not black and white.  There are degrees of security.  I keep my
encrypted secret key on dunx1, a UNIX box used by many other people.
Anyone who has the ability to can either watch my keystrokes, probe through
memory to retrieve my key or message, or probably a few other things I
haven't thought of.  The benefit, though, of being able to decode messages
as soon as I receive them, and being able to send encrypted messages when
I'm not at home is major.  For me at least, it's a fair trade-off.

There isn't anything I send right now that I would find particularly
embarassing should it become public knowledge.  If I did get into that
situation, I'd probably create a second key pair for use only at home, and
keep both in use.

The bad guys will almost always be able to get your key.  Even if they have
to get you to get it.  The goal is to raise the difficulty such that they
aren't willing to do it.


Bob Snyder N2KGO                               MIME, PGP, RIPEM mail accepted
[email protected]                      PGP & RIPEM keys on key servers
         When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl.