At 3:52 AM 9/12/94, SAMUEL KAPLIN wrote:
What illusion of security? If I have my secret keyring residing someplace where I can't physically control who has access to it, no way is this keyring secure!! It goes against the definition of a secret. Once you tell someone a secret, It no longer is a secret. In effect this person has told Netcom his secret, therefore it no longer is a secret. Just because you're paranoid, doesn't mean they're not out to get you. Be paranoid!!
But keeping it on your home machine, the bad guys could break into your house, set up a keyboard monitoring program, and get it that way. Or if they wanted to, grab you and force you to reveal your key. It's not black and white. There are degrees of security. I keep my encrypted secret key on dunx1, a UNIX box used by many other people. Anyone who has the ability to can either watch my keystrokes, probe through memory to retrieve my key or message, or probably a few other things I haven't thought of. The benefit, though, of being able to decode messages as soon as I receive them, and being able to send encrypted messages when I'm not at home is major. For me at least, it's a fair trade-off. There isn't anything I send right now that I would find particularly embarassing should it become public knowledge. If I did get into that situation, I'd probably create a second key pair for use only at home, and keep both in use. The bad guys will almost always be able to get your key. Even if they have to get you to get it. The goal is to raise the difficulty such that they aren't willing to do it. Bob -- Bob Snyder N2KGO MIME, PGP, RIPEM mail accepted snyderra@post.drexel.edu PGP & RIPEM keys on key servers When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl.