From: "Claborne, Chris at SanDiegoCA" <claborne@microcosm.sandiegoca.NCR.COM>
Date: Wed, 6 Jul 94 19:06:19 PDT
To: cypherpunks <cypherpunks@toad.com>
Subject: FW: Physical storage of key is the weakest link
Message-ID: <2E1B61AF@microcosm.SanDiegoCA.NCR.COM>
MIME-Version: 1.0
Content-Type: text/plain



<< some suggestion to keep keys secure on floppy>>

<<Lance Cottrel writes:
If your passphrase is good (128+ bits of entropy), then your private key is
as secure as the messages that you send. Although it need be broken only
once, I see no real danger of IDEA being compromised in the near future.
Given a good passphrase, I would suggest that you want multiple copies of
your key to prevent loss or accidental destruction. My passphrase is > 30
characters. Fortunately Mac PGP remembers the key during any given session
so typing is kept down a bit.
>>

If you are really paranoid, keeping your private keys super secure is a good 
idea.  If a bad guy were come and steal them all she needs to do find out 
your passphrase (using all kinds of attacks.... camera over your desk....) 
and bingo, they can read all past and future message traffic to you...

                                        ...  __o
                                       ..   -\<,
chris.claborne@sandiegoca.ncr.com      ...(*)/(*).          CI$: 76340.2422
PGP Pub Key fingerprint =  A8 FA 55 92 23 20 72 69  52 AB 64 CC C7 D9 4F CA
Avail on Pub Key server.