From: Steve Reid <steve@edmweb.com>
To: Alan Olsen <alano@teleport.com>
Message Hash: bfcb3bdfc838efbae150dcfd4cb684b6fbcfd40283cf51344312eae644415b8f
Message ID: <Pine.BSF.3.91.960428165931.10757A-100000@kirk.edmweb.com>
Reply To: <2.2.32.19960428231217.00ac5b6c@mail.teleport.com>
UTC Datetime: 1996-04-29 07:06:24 UTC
Raw Date: Mon, 29 Apr 1996 15:06:24 +0800
From: Steve Reid <steve@edmweb.com>
Date: Mon, 29 Apr 1996 15:06:24 +0800
To: Alan Olsen <alano@teleport.com>
Subject: Re: PGP and pseudonyms
In-Reply-To: <2.2.32.19960428231217.00ac5b6c@mail.teleport.com>
Message-ID: <Pine.BSF.3.91.960428165931.10757A-100000@kirk.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain
> >this pseudonym. If this person's secret keyring were stolen, could
> >person=pseudonym be revealed, based on the key ID? Or would it require
> >knowing the passphrase?
>
> Yes, the person=personna would be revealed. No, a passphrase would not be
> needed.
> To demonstrate try "pgp -kv secring.pgp" and see what you get.
I kinda figured that... I was just wondering if maybe the info could be
altered, so that the real info can't be figured without getting the
passphrase.
> I hope this gets fixed in PGP 3.0.
I guess pseudonymity(sp?) wasn't the main concern when PGP was created.
I suppose a temporary fix would be to not use an ordinary PGP passphrase,
but rather encrypt the whole secring.pgp file. Decrypt it when you need
it, and be very careful to properly clean up when you're done.
=====================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/) |
| Email: steve@edmweb.com Home Page: http://www.edmweb.com/steve/ |
| PGP Fingerprint: 11 C8 9D 1C D6 72 87 E6 8C 09 EC 52 44 3F 88 30 |
| -- Disclaimer: JMHO, YMMV, IANAL. -- |
===================================================================:)
Return to April 1996
Return to “Steve Reid <steve@edmweb.com>”