1994-09-12 - Re: Running PGP on Netcom (an

Header Data

From: snyderra@dunx1.ocs.drexel.edu (Bob Snyder)
To: cypherpunks@toad.com
Message Hash: 8d29defded239a72b28f91488826b8ac05f99407cfd31052222e696da651d59c
Message ID: <aa9a0242030210035238@DialupEudora>
Reply To: N/A
UTC Datetime: 1994-09-12 13:16:20 UTC
Raw Date: Mon, 12 Sep 94 06:16:20 PDT

Raw message

From: snyderra@dunx1.ocs.drexel.edu (Bob Snyder)
Date: Mon, 12 Sep 94 06:16:20 PDT
To: cypherpunks@toad.com
Subject: Re: Running PGP on Netcom (an
Message-ID: <aa9a0242030210035238@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


At 3:52 AM 9/12/94, SAMUEL KAPLIN wrote:

>What illusion of security? If I have my secret keyring residing someplace
>where I can't physically control who has access to it, no way is this
>keyring secure!! It goes against the definition of a secret. Once you tell
>someone a secret, it no longer is a secret. In effect this person has told
>Netcom his secret, therefore it no longer is a secret. Just because you're
>paranoid, doesn't mean they're not out to get you. Be paranoid!!

But keeping it on your home machine, the bad guys could break into your
house, set up a keyboard monitoring program, and get it that way.  Or if
they wanted to, grab you and force you to reveal your key.

It's not black and white.  There are degrees of security.  I keep my
encrypted secret key on dunx1, a UNIX box used by many other people.
Anyone who has the ability to can either watch my keystrokes, probe through
memory to retrieve my key or message, or probably a few other things I
haven't thought of.  The benefit, though, of being able to decode messages
as soon as I receive them, and being able to send encrypted messages when
I'm not at home is major.  For me at least, it's a fair trade-off.

There isn't anything I send right now that I would find particularly
embarrassing should it become public knowledge.  If I did get into that
situation, I'd probably create a second key pair for use only at home, and
keep both in use.

The bad guys will almost always be able to get your key.  Even if they have
to get you to get it.  The goal is to raise the difficulty such that they
aren't willing to do it.

Bob

--
Bob Snyder N2KGO                               MIME, PGP, RIPEM mail accepted
snyderra@post.drexel.edu                      PGP & RIPEM keys on key servers
         When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl.






