Importance of time in pgp algorithms

Thomas Sjögren thomas at northernsecurity.net
Wed Jan 28 00:08:04 CET 2004


On Tue, Jan 27, 2004 at 05:13:14PM -0500, Nicholas Paul Johnson wrote:
> 1.) I have a laptop that does not keep good time.  Will the clock skew 
> affect GPG adversely while encrypting or decrypting emails?

I dont know how GPG is affected by a wrong clock, but your system is
affected for sure. Log reports shows the wrong time, you mail will
either be sent in the future or be old. Dont know how much your clock is
wrong but i've mail sent from the year 2005 etc. I suggested you
"invest" in a ntp daemon.

> 2.) I also use a desktop.  Is it secure for me to simply duplicate my 
> ~/.gnupg directories on each machine (assuming that I copy the files in a 
> secure way), or should I create a different key-pair for the desktop 
> machine?

If you trust the machine secure copying is an option, but a more
convinient way is to get hold of a usb storage device (that should be
able to be in read-only mode) or burn it to a cd so you can transfer it
between the machines and umount it when you dont use it.

/Thomas
-- 
== thomas at northernsecurity.net | thomas at se.linux.org
== Encrypted e-mails preferred | GPG KeyID: 114AA85C
--
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 481 bytes
Desc: Digital signature
Url : /pipermail/attachments/20040128/a828a27f/attachment.bin


More information about the Gnupg-users mailing list