Extra key best solution for very insecure locations?
bahamut at digital-signal.net
Wed May 9 00:01:43 CEST 2007
-----BEGIN PGP SIGNED MESSAGE-----
Janusz A. Urbanowicz wrote:
> On Mon, May 07, 2007 at 04:27:55PM +0800, Jim Berland wrote:
>> Hello everybody,
>> I'm trying to find the best solution for using GPG on a USB drive
>> while travelling.
>> I read the FAQ about subkeys which suggests to only use subkeys on
>> insecure computers. As far as I understand this, though, anybody who
>> got hold of my private subkeys would still be able to read all my
>> previous mails. The document was obviously written with workplace
>> computers and such in mind, rather than heavily infected Windows PCs
>> in internet cafes.
> I suggest abandoning carrying the key, and taking a good look at
Which is probably even less secure. In order to compromise a
PGP-encrypted message (without breaking the encryption), one must have
the private key and passphrase. In order to compromise Hushmail, one
only needs the passphrase, which is easier to obtain remotely. The
former requires a silent keylogger, knowledge of the key's existence,
and a program that will silently copy the key. The former requires an
IE data miner (not uncommon) unless the café owner has another browser
like Firefox or Opera, or allows users to use a portable browser like
Firefox Portable. A keylogger would work for the latter as well.
Personally, I wouldn't take the risk on a machine that I consider
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the Gnupg-users