Protecting private key on USB flash drive: how to?
faramir.cl at gmail.com
Fri May 9 20:21:46 CEST 2008
-----BEGIN PGP SIGNED MESSAGE-----
Robert J. Hansen escribió:
> Faramir wrote:
>> OMG... 8 highly complex steps... surely that will defeat any attempt
>> to seize my private key...
> Not really.
> Imagine a piece of malware that looks for new drives to be mounted. As
> soon as it gets mounted, the malware looks through the drive looking for
> interesting data. Malware such as this already exists and has been
> spotted in the wild.
> As soon as you mount a TrueCrypt volume, it becomes subject to these
> sorts of attacks. Note that the malware design doesn't have to
> accommodate TrueCrypt at all. The design is simple enough and robust
> enough to work regardless of whether you're using TrueCrypt or PGPDisk,
> or whether you're plugging in a USB token or a FireWire external hard
> drive, or... etc., etc.
Ok... but I think I would use this at my university, and there the
computers are safe enough... I can run programs (I have used portable
FireFox a lot of times), but I can't install anything... and a malware
would need to make changes to windows registry in order to be loaded
each time the computer start... The idea is to protect the private key
if the USB flash drive is lost or stolen. I really think nobody will
even know what is a secret key, but since we are talking about
security... I mean, I am intending to protect an email nobody is going
to hack, so, I should protect the key too, even if nobody is going to
know what to do with it if they found it...
Maybe I found an interesting solution: steganography. I can hide the
secret key inside a picture, and carry some pictures with me, as well as
the java program to recover it... Or maybe I should just use a
"son-of-b***h" passphrase that will take some thousand years to
bruteforce... By the way, how is the private keyring protected?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the Gnupg-users