Generating and storeing keys on usb pen

Robert J. Hansen rjh at
Wed Apr 25 18:04:31 CEST 2007

> Thieves usually don't steal USB pen drives; there is almost no  
> market for
> stolen USB pen drives.

Professional thieves, no.  On the other hand, living on a college  
campus I've seen tons of thumb drives get stolen.  Someone leaves  
their drive on a table for a few minutes while they're off in the  
bathroom, someone else walks along and--"hey, free drive.  I can use  
one of these."

There are far, far more thieves of opportunity in the world than  
there are professional thieves.

> Keeping your keys on a USB pen drive has the additional benefit that
> you can use them on multiple machines without having multiple copies
> of the keys and the problems inherent with keeping the multiple copies
> of your keys in sync.

USB is a peer to peer protocol; it requires substantial computing  
power on both ends of the connection.  I'm just waiting for the first  
virus which targets common USB drives; it would rip through colleges  
and workplaces like wildfire.

It seems unwise to advocate plugging USB drives into multiple  
machines unless you're comfortable with the idea your drive may be an  
infection vector.  And frankly, I don't want my keys to be on the  
same token as a token which is going to be shared around a large  
number of computers, not all of which I will control.

> The thrust is that a USB pen drive is no better than a lap-top.

In some respects it is probably worse.

More information about the Gnupg-users mailing list