1994-02-24 - Re: quetion about Multi-user systems

Header Data

From: wcs@anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
To: 68954@brahms.udel.edu
Message Hash: 4689a2beaafb843926aedf3729ef4167f7a9ecd42823fa95b4e4bbfe06010c89
Message ID: <9402240040.AA22465@anchor.ho.att.com>
Reply To: N/A
UTC Datetime: 1994-02-24 01:02:51 UTC
Raw Date: Wed, 23 Feb 94 17:02:51 PST

Raw message

From: wcs@anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Wed, 23 Feb 94 17:02:51 PST
To: 68954@brahms.udel.edu
Subject: Re:  quetion about Multi-user systems
Message-ID: <9402240040.AA22465@anchor.ho.att.com>
MIME-Version: 1.0
Content-Type: text/plain


The problem of managing PGP between your PC at home (whether DOS, Mac, or Unix)
and insecure machine at work/school/email-seller comes up a lot.
One way to handle it is to only do PGP at home, which is inconvenient,
but you can at least use workarounds like logging into the work system from home,
uploading the file with kermit or reading directly with POP,
decrypting, and reversing the process to respond.
A much less secure way is to only read it at work :-)
An intermediately insecure approach, depending on how paranoid you are,
is to have two public keys, a more secure one you use only at home,
and a less secure one (which you might as well use a short key for)
that you use for mail sent to your work account, and make sure you
only connect to directly, not from dumb terminals on terminal servers
or dialins, both of which may go across a LAN.  Since PGP lets you store 
multiple keys on your secret key ring, you *can* have your home machine
know about both keys, so you can upload and read the work mail at home.

Of course, if you want a really insecure approach, you can attach a modem
to your home system so you can kermit in to it from work, upload the file,
and decrypt it there, typing your "high security" password on the
multi-user Unix box across some LAN to a modem pool on a terminal server,
leaving 3-4 opportunities for someone to listen.

What do I do?  I used to not have a PC, so I did my PGP on my diskless
workstation, which was rabidly insecure, and indicated in my key's
user-description field that it was a multi-user system.
Now I do my work computing on a laptop, so it's the only placve I do PGP,
and it's ViaCrypt for legality.

		BIll
# Bill Stewart  AT&T Global Information Solutions, aka NCR Corp
# 6870 Koll Center Parkway, Pleasanton CA, 94566 Phone 1-510-484-6204 fax-6399
# email bill.stewart@pleasantonca.ncr.com billstewart@attmail.com
# ViaCrypt PGP Key IDs 384/C2AFCD 1024/9D6465





Thread