
Re: Running PGP on Netcom

Subject: Re: Running PGP on Netcom (an

>> But keeping it on your home machine, the bad guys could break into your
>> house, set up a keyboard monitoring program, and get it that way.  Or if
>> they wanted to, grab you and force you to reveal your key.

It's highly doubtful that they could physically get to my computer without
my knowledge. I service alarms for a living. I work for the company who
monitors my alarm. I am the only person who knows the specs on my alarm. It
would be pretty tough to conceal a court order to suspend the monitoring
from me. Someone would tip me off.  Plus the system will communicate with
me via 2 other methods that no one knows about. Pretty doubtful.

>> It's not black and white.  There are degrees of security.  I keep my
>> encrypted secret key on dunx1, a UNIX box used by many other people.
>> Anyone who has the ability to can either watch my keystrokes, probe through
>> memory to retrieve my key or message, or probably a few other things I
>> haven't thought of.  The benefit, though, of being able to decode messages
>> as soon as I receive them, and being able to send encrypted messages when
>> I'm not at home is major.  For me at least, it's a fair trade-off.

I guess it depends on your level of paranoia or guilt. :) If I was just
putzing around with the software, then I wouldn't be too concerned. If I
was actually doing something illegal or confidential with the software
then I would be greatly concerned. But under no circumstances would I
consider that arrangement secure. If the cops nail this guy, he has no one
to blame but himself. He hanged his own ass.

>> There isn't anything I send right now that I would find particularly
>> embarrassing should it become public knowledge.  If I did get into that
>> situation, I'd probably create a second key pair for use only at home, and
>> keep both in use.

Then you have the possibility of people sending you secure messages on a
compromised key. (The one on the Unix Box) In most cases, it's not the
technology that nails you, it's human error. Take for example the recent
Tiffany's robbery. The police hadn't a clue who pulled it off. I heard
statements of grudging praise from many members of the NYPD police
department. It was very close to the perfect robbery. They received a tip
from a citizen that someone was selling rings matching the description of
the stolen merchandise on the street. They busted this individual and he
sang. If they would have left the goods sit for a couple of years, they
would have gotten away with it. Human stupidity compromised the whole

>> The bad guys will almost always be able to get your key.  Even if they have
>> to get you to get it.  The goal is to raise the difficulty such that they
>> aren't willing to do it.

This is probably true, but in most cases they won't have to take it from
you. Somehow someone will screw up and hand it to them on a silver platter.
Instead of John the Baptist's head, it's yours! ;{

Version: 2.6.1


  Fido: Sam Kaplin  1:282/1018           | "...vidi vici veni" - Overheard
  Compuserve: 75240,131                  | outside a Roman brothel.
  [email protected]         |
  75240,[email protected]               | Change is the only constant in the
 For confidential communications use PGP | Universe..."Four quarters, please."

                Processed by WILDUUCP! v1.00  for WILDCAT!