key security

Trevor Smith <trevor@haligonian.com>
Tue Apr 9 22:38:01 2002


On Tue, 9 Apr 2002 21:37:18 +0200, Jeroen Valcke wrote:

>1/ What about key security? Do you people all leave your private key on
>the hard disk of your machine? On Debian Linux that's in the .gnupg
>directory. How about putting this whole directory on removable media
>(for example diskette)? A colleague of mine has his on a removable USB
>media. Good idea? Reactions? Impractical?

I keep mine on my hard drive with a backup on floppy which is in a
safe deposit box, in case of catastrophic hard disk failure, fire,
etc. (as opposed to "in case of burglary"). The simple fact is, for
most of us, encryption is not necessary. However, some of us
subscribe to the idea that continual use of encryption is a Good
Idea. (Some of us also just think it's cool.) Since I fall into those
categories, I don't worry about someone trying to hack my keyrings so
I don't get ultra paranoid about them. Plus, I live alone and I'm the
only one with access to my computer on a regular basis.

>-Jeroen-
>A confused newbie.

Don't sweat being confused. It has frustrated me for a long time how
simple public-key encryption is at its core (i.e. the processes that
would account for 90+% of the use by 90+% of the users if the "common
person" would use it) yet how unbelievably complex most
implementations of it are (because it's generally not used by the
"common person" and because it's generally written by computer geeks
for computer geeks). Most of us don't care about 'webs of trust',
which algorithms are used, etc. We just want: 1) to get our friends'
public keys so we can encrypt messages to them; and 2) give our
friends our public keys so we can sign messages and they can verify
them (and send us encrypted messages).

sigh.


-- 
 Trevor Smith    |    trevor@haligonian.com