E-Mail Encryption: Why Isn't Everyone Doing It?

Martin Christensen factotum@gvdnet.dk
Thu Oct 24 00:49:02 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

>>>>> "Eric" == Eric S Johansson <esj@harvee.billerica.ma.us> writes:
Eric> The next sacred cow to be slaughtered is I will not require any
Eric> passphrases.  Yes, if an attacker gets in and steals the private
Eric> key, they can cause all sorts of mischief.  The chances of that
Eric> happening are extremely low especially if we generate new keys
Eric> on a regular basis.

If it were to become widespread, then it would be useless. If everyone
encrypts their stuff but leaves their unprotected private key floating
around much like they do their address books, then all they have is a
false sense of security. It would take two weeks for the first virus
to come by to collect secret keys. Even relatively simple passphrases
(relatively being defined as being able to withstand, say, John the
Ripper for at least a couple of hours) to protect the private keys
would make it infeasible to try to reap keys en masse.

Martin

- -- 
Homepage:       http://www.cs.auc.dk/~factotum/
GPG public key: http://www.cs.auc.dk/~factotum/gpgkey.txt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Using Mailcrypt+GnuPG <http://www.gnupg.org>

iEYEARECAAYFAj23J7EACgkQYu1fMmOQldWP0gCglXgoMI80ZcPdRVqLWNmYdVWy
gCkAnAjOG95KXTQsepEtII008gb+VE1P
=xiQe
-----END PGP SIGNATURE-----