1993-04-04 - Re: PGP help and comments.

Header Data

From: J. Michael Diehl <mdiehl@triton.unm.edu>
To: mccoy@ccwf.cc.utexas.edu (Jim McCoy)
Message Hash: 3665a206e22d662a37382ea41ab35aa2f694f1d343a346f8f3dec5c5cbd43a59
Message ID: <9304040818.AA20036@triton.unm.edu>
Reply To: <9304040758.AA07164@tigger.cc.utexas.edu>
UTC Datetime: 1993-04-04 08:18:19 UTC
Raw Date: Sun, 4 Apr 93 00:18:19 PST

Raw message

From: J. Michael Diehl <mdiehl@triton.unm.edu>
Date: Sun, 4 Apr 93 00:18:19 PST
To: mccoy@ccwf.cc.utexas.edu (Jim McCoy)
Subject: Re: PGP help and comments.
In-Reply-To: <9304040758.AA07164@tigger.cc.utexas.edu>
Message-ID: <9304040818.AA20036@triton.unm.edu>
MIME-Version: 1.0
Content-Type: text/plain


>J. Michael Diehl <mdiehl@triton.unm.edu> writes:
>> I would like to use pgp on the mainframes, but don't want to store my secret
>> key on their disks.   Would it be possible to have pgp accept it's secret key
>> via stdin.  I could do an ascii upload of my secret key and never expose my
>> key to disk-storage.
> 
> This is even more dangerous than storing it on the disks of a multi-user
> machine.  Unless you are running in a kerberos environment it is trivial to
> snoop your upload off the network, and even without that weakness you are
> exposing yourself to the same problem that the docs mention (it is really
> pretty easy to scan someone's terminal input) only you are giving them the
> key outright instead of only giving them the passphrase to your key.

Point taken. 
> 
> Bad idea.

Sure is.  Thanx.
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.2
 
mQBNAiu21SIAAAECAMKkKKP4JIxSPR7rOUZ7mbi6yDPfFa7T6zOtOBX8iI939tIU
9JFTxdyvTejK3qmYDGozNaqySQ/0++nGqZgikcsABRG0LUouIE1pY2hhZWwgRGll
aGwsIG1lLCA8bWRpZWhsQHRyaXRvbi51bW4uZWR1Pg==
=YquS
-----END PGP PUBLIC KEY BLOCK-----






Thread