Corporate public key?

[Joseph Bruni]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Those USB keychains are way-cool. I agree this will work, but as others 
have pointed out in this forum, plugging a memory stick into a computer 
subjects that stick to possible behind-the-scenes copying as well as 
logging of one's key-strokes (this would be trivial to accomplish by 
anyone with root access). The same root user could log the password in 
either case.

Perhaps I'm just ultra-paranoid: I just carry around my own laptop 
which is convenient enough. I can either jack-in or just connect to our 
net via wireless. (Yes, I know 802.11b isn't secure, but I am doing 
ssh...)

<shameless-apple-plug>
Heh. Not too long ago we had a consultant in who tried to use a USB 
disk keychain on a Dell/Win2KPro. Every time he inserted the keychain 
into the USB port, the Dell rebooted. It was hilarious. I think he lost 
a good hour downloading drivers, etc. and never did get it to work. So 
I plugged it into my iBook and served up the disk for him via Samba. He 
was not happy. ;)
</shameless-apple-plug>


On Tuesday, July 8, 2003, at 07:13 PM, Ben Finney wrote:

> I've made the investment of a USB stick with 128MiB flash memory.  This
> stores my SSH keys, GPG keys, and tools to use them on various OSen.
> Most places I go will have a USB port available on some machine
> somewhere; I just plug in my memory stick and fire up the SSH client.
>
> This is not appropriate in all circumstances, but it greatly increases
> the number of places from which I can access my accounts without using
> password authentication.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (Darwin)

iEYEARECAAYFAj8LgPgACgkQ4rg/mXNDweO/jACfRq+r4jmeXAeu6tQODZFXNkAS
NiIAnjqoq9OXR33xTnU1J2hz6QeG2s9/
=YUC+
-----END PGP SIGNATURE-----