16 Oct
1992
16 Oct
'92
12:08 a.m.
Physical security is not a big issue for RSA (in the pgp implementation) because the secret key ring is itself encrypted. The problem is not so much physical-intrusion-to-get-the-key as it is physical intrusion aimed at modifying software. It would be easy to modify pgp so that the keys are logged, etc, in a way transparent to the user. This is why it is important to keep both the keys and the software that manipulates them off line. It is also important to keep the software from being tampered with. The best way to do this is to put the keys and the software on a hard disk, and put the hard disk in a computer, and carry the computer with you whereever you go. e