1993-04-04 - Re: PGP help and comments.

Header Data

From: mccoy@ccwf.cc.utexas.edu (Jim McCoy)
To: mdiehl@triton.unm.edu (J. Michael Diehl)
Message Hash: 5f0f9d7ff7733ee906597eed7e57a01e3642ef7a1e322c6856e945f734ab7a72
Message ID: <9304040758.AA07164@tigger.cc.utexas.edu>
Reply To: <9304040558.AA17596@triton.unm.edu>
UTC Datetime: 1993-04-04 07:58:38 UTC
Raw Date: Sat, 3 Apr 93 23:58:38 PST

Raw message

From: mccoy@ccwf.cc.utexas.edu (Jim McCoy)
Date: Sat, 3 Apr 93 23:58:38 PST
To: mdiehl@triton.unm.edu (J. Michael Diehl)
Subject: Re: PGP help and comments.
In-Reply-To: <9304040558.AA17596@triton.unm.edu>
Message-ID: <9304040758.AA07164@tigger.cc.utexas.edu>
MIME-Version: 1.0
Content-Type: text


J. Michael Diehl <mdiehl@triton.unm.edu> writes:
> 
> I would like to use pgp on the mainframes, but don't want to store my secret
> key on their disks.  Would it be possible to have pgp accept its secret key
> via stdin?  I could do an ASCII upload of my secret key and never expose my
> key to disk-storage.

This is even more dangerous than storing it on the disks of a multi-user
machine.  Unless you are running in a Kerberos environment, it is trivial to
snoop your upload off the network, and even without that weakness you are
exposing yourself to the same problem that the docs mention (it is really
pretty easy to scan someone's terminal input) only you are giving them the
key outright instead of only giving them the passphrase to your key.

Bad idea.

jim




