Re: Using PGP on Insecure Machines
> Also importantly, the user interfaces for PGP simply suck as it stands, making people like Tim uninterested in going through the ....
>
> At the risk of repeating myself, what's the problem with wrapping PGP in a shell script? Works for me - see a previous mailing, complete with wrapper scripts. I can send either encrypted or just signed email without especially noticing it.
Wrapping PGP in shell scripts is only useful for people who use shells, and a lot of people either use GUIs instead (often non-extensible ones), or keep their PGP on PCs at home rather than their networked Unixen at work where they get their mail. This means that to use PGP, they need to do things like kermit from home to work, read their mail, save it in files, kermit the files to their PC, PGP-decrypt and read them on the PC, etc. It's a bit easier if people have remote-scriptable terminal emulators on their PCs, which let the Unix end run a script to save the file and download it and maybe fire up PGP on the PC, but it still feels annoyingly like work, and if your Unix box can download files to your PC and run them, it can run pgp-steal-keys just about as well as real PGP. Similarly, if you've got TCP/IP running on your PC, whether through SLIP or directly, you've still got a security risk to worry about.

You can reduce these problems by running a _real_ operating system on your PC, but it's tougher to run your favorite applications that way, and you still need to either run all your mail down to the PC, which isn't practical for lots of people, or explicitly forward the stuff down there from your main mail system.

There's another transparency problem, at least for reading encrypted mail - you either need to type in your passphrase each time, which is annoying and increases exposure somewhat, or you need to leave it around in environment variables, etc., which also increase exposure.

On the other hand, a shell script approach can be just fine for signature checking, as long as your mailreader has a painless interface, since there isn't much security risk from having PGP on a machine without your real secret key and passphrase there. There's still some risk - if the machine is shared with other people, someone may be able to replace PGP with pgp-cc:-kgbvax or pgp-nsa-sig-verify - but it's a start.
Bill
# Bill Stewart AT&T Global Information Solutions, aka NCR Corp
# 6870 Koll Center Parkway, Pleasanton CA, 94566 Phone 1-510-484-6204 fax-6399
# email bill.stewart@pleasantonca.ncr.com billstewart@attmail.com
# ViaCrypt PGP Key IDs 384/C2AFCD 1024/9D6465
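Bill's closing caveat is the part worth turning into a concrete check: signature verification on a shared box is low-risk only as long as the pgp binary there is really pgp. The script below is an added example, not code from either message in this thread (or from the earlier wrapper scripts Bill mentions). It shows the cheapest defence a wrapper can apply: record the tool's digest once on a machine you trust, carry that pin with you, and have the wrapper refuse to run the tool when the digest no longer matches. It assumes sha256sum (or shasum) is installed; the tool path and pin in the usage comment are placeholders.

```sh
#!/bin/sh
# Added example, not code from the thread.  Pin the digest of a signature-
# verification tool and refuse to run it if the binary has been swapped.
# Assumes sha256sum or shasum is available.

# file_digest PATH
# Prints the SHA-256 hex digest of PATH; fails if PATH is unreadable.
file_digest() {
    [ -r "$1" ] || return 1
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# tool_is_pinned PATH EXPECTED_DIGEST
# Returns 0 when PATH's digest equals EXPECTED_DIGEST, 1 otherwise.
tool_is_pinned() {
    actual=$(file_digest "$1") || return 1
    [ "$actual" = "$2" ]
}

# verify_with_pinned_tool TOOL EXPECTED_DIGEST [ARGS...]
# Runs TOOL with ARGS only after the pin check passes.  Exit status 2 means
# the binary on this machine is not the one you pinned and nothing was run.
verify_with_pinned_tool() {
    tool=$1; pin=$2; shift 2
    if ! tool_is_pinned "$tool" "$pin"; then
        echo "refusing to run $tool: digest does not match the pinned value" >&2
        return 2
    fi
    "$tool" "$@"
}

# Typical use from a mail-reader hook (placeholder path and pin, constructed):
#   PGP_PIN='<digest you recorded on your own machine>'
#   verify_with_pinned_tool /usr/local/bin/pgp "$PGP_PIN" "$signed_message_file"
```

The pin has to come from the trusted side (the home PC, a printout, your head); a digest stored next to the binary on the shared machine protects nothing. It also does not help against an attacker with root there, who can replace the shell and sha256sum as easily as pgp. It is the same "it's a start" that Bill describes, made mechanical so the check happens every time rather than only when you remember.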
-----BEGIN PGP SIGNED MESSAGE-----
> You can reduce these problems by running a _real_ operating system on your PC, but it's tougher to run your favorite applications that way, and you still need to either run all your mail down to the PC, which isn't practical for lots of people, or explicitly forward the stuff down there from your main mail system.
>
> There's another transparency problem, at least for reading encrypted mail - you either need to type in your passphrase each time, which is annoying and increases exposure somewhat, or you need to leave it around in environment variables, etc., which also increase exposure.
I use Linux at home, and uucp my email down at regular intervals to the box at home. When I want to run windoze, I just say "reboot". The Linux uucp runs just fine, and talks to everyone else, as far as I know. I keep my PGP pass phrase in $PGPPASS, although I have to type it in every time I log in - small price to pay. The machine at home is pretty secure - I hope! :)

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBLl0efyS9AwzY9LDxAQGtygP9GjJtTV+0O+RNzC2+4ypQ0i18gY36kZh5
1KekzPYZQtQdNxUwsziRENhr1UC4GT/BI0m83Bf74jHl/fFJXOzeoGJQLLJwnufD
XT/HnRlOHa6DR3ZxrEH3BomnWHqCzUhGk5khnf9VdU6qi6kNJyLCf40R2BdtAxRf
YzDt2q7Bw1k=
=9Zxg
-----END PGP SIGNATURE-----
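The two messages disagree about how much exposure an exported $PGPPASS buys you. The script below is an added example, not code from either correspondent, that makes the exposure visible: an exported variable is inherited by every process started from that login session, two levels deep (mail reader, then the pager or editor it spawns), and on Linux the environment of any process running as your uid can also be read from /proc/<pid>/environ. It then shows one narrower alternative, handing the passphrase to a single command on its standard input and stripping PGPPASS from that command's environment. PGPPASS is the variable PGP 2.6 reads; the passphrase value and the stand-in commands are constructed.

```sh
#!/bin/sh
# Added example, not code from the thread.  Shows how far an exported
# passphrase travels, and a way to scope it to one command instead.
# The passphrase and the sh -c stand-ins for mail reader / pager are constructed.

# exported_passphrase_seen_by_grandchild PASSPHRASE
# Exports PGPPASS the way a login script would, then starts a child (stand-in
# for a mail reader) that starts a grandchild (stand-in for a pager).  Prints
# whatever the grandchild finds in PGPPASS; the subshell keeps the export from
# leaking into the caller's own session.
exported_passphrase_seen_by_grandchild() {
    (
        PGPPASS=$1; export PGPPASS
        sh -c 'sh -c env' | sed -n 's/^PGPPASS=//p'
    )
}

# run_with_passphrase_on_stdin PASSPHRASE CMD [ARGS...]
# Hands the passphrase to exactly one command on its stdin and removes PGPPASS
# from that command's environment, so nothing else it launches inherits it.
run_with_passphrase_on_stdin() {
    pass=$1; shift
    printf '%s\n' "$pass" | env -u PGPPASS "$@"
}

# stdin_seen_by_command PASSPHRASE
# Confirms the intended command still receives the passphrase (on stdin).
stdin_seen_by_command() {
    run_with_passphrase_on_stdin "$1" sh -c 'read -r p; printf %s "$p"'
}

# grandchild_env_when_piped PASSPHRASE
# Same two-level process tree as above, with PGPPASS exported in the session
# but the command run through run_with_passphrase_on_stdin.  Prints what the
# grandchild's environment holds; expected to print nothing.
grandchild_env_when_piped() {
    (
        PGPPASS=$1; export PGPPASS
        run_with_passphrase_on_stdin "$1" sh -c 'read -r p; sh -c env' \
            | sed -n 's/^PGPPASS=//p'
    )
}

# Try it:
#   exported_passphrase_seen_by_grandchild 'constructed-passphrase'   # prints it
#   grandchild_env_when_piped 'constructed-passphrase'                # prints nothing
```

The stdin approach still puts the passphrase in the pipe and in the memory of the one process that needs it, so it trades a session-wide exposure for a per-invocation one; on a single-user home machine like the one erc describes that may be a fair trade, on the shared work Unix box Bill describes it is the difference between one process and every process you ever start from that login.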
Participants (2):
- khijol!erc@apple.com
- wcs@anchor.ho.att.com