Enigmail speed geeking

Robert J. Hansen rjh at sixdemonbag.org
Thu Mar 12 16:51:15 CET 2015


> As to your enigmail essay, point 1, would you go that far that
> keeping keys on hard disk is unsafe and using a smart card is a
> must?

For many users, smart cards are a good idea.  (I've got one myself.)
But for just as many users, smart cards are inconvenient and overkill.
Frankly, they have awful usability, just terrible.  When I receive an
email message encrypted to my smart card key, finding the smart card is
easy -- it's in my wallet -- but finding the smart card *reader* is the
sort of thing that leads me to crazed conspiracy theories.  Is the
reader attached to my laptop?  Did I leave it at the office?  Did I kick
it under the sofa?  Did the space aliens from Zarbnulax take it?

The upshot of it is that whenever I want to decrypt messages sent to my
smart card, in the best-case scenario (I remember where the reader is
and it's within a few meters of my desk) it takes me 30-45 seconds to
read the message.  In the worst-case scenario, I'm in Valencia, Spain,
and my reader is in Washington, D.C., and there's no way I'm reading
this traffic until I get home.  (And in case you're wondering, yes, that
really happened to me.)

If email crypto makes it hard to read email, few people will adopt the
technology.  We want technologies that make our lives easier, not
harder.  Smart cards, although a really good idea in certain
environments, make crypto harder in a lot of environments.  I'm not sure
the (marginal) additional security from using a smart card is worth the
(very real) usability expense.

Is it unsafe to keep your keys on your hard disk?  Dunno.  Depends a lot
on your situation.

Is using a smart card a must?  Dunno.  Depends a lot on your situation.

Hope this helps.  :)
