public accounts / PGP / passphrases
[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address belonging to the signature and forwarded.]
Hal writes:
Just create a special key for your netcom account. Use no pass phrase; using one would give a misleading sense of security IMO. Just pass your mail through "pgp -saft" or equivalent and you've got it. It is easy to do this from most editors.
Could someone please elaborate on the foolishness of using PGP with a passphrase on a public machine (as I do) ? Am I wrong in thinking that my secret key is useless to an intruder until she guesses my passphrase ?
I have no net access except via an account on a public machine, so I'm not about to start storing my secret key elsewhere, but I'll change my passphrase to <null> if it's irrelevant anyway.
I just reviewed the PGP docs a bit and Phil says "Nobody can use your secret key file without this pass phrase.", which seems to contradict what many people on the list have said.
-L. Futplex McCarthy; PGP key by finger or server
"Don't say my head was empty, when I had things to hide...." --Men at Work
To: lmccarth@ducie.cs.umass.edu
cc: cypherpunks@toad.com
Subject: Re: public accounts / PGP / passphrases
Could someone please elaborate on the foolishness of using PGP with a passphrase on a public machine (as I do) ? Am I wrong in thinking that my secret key is useless to an intruder until she guesses my passphrase ? I have no net access except via an account on a public machine, so I'm not about to start storing my secret key elsewhere, but I'll change my passphrase to <null> if it's irrelevant anyway. I just reviewed the PGP docs a bit and Phil says "Nobody can use your secret key file without this pass phrase.", which seems to contradict what many people on the list have said.
For someone to use your secret key, they need two things:
1) Access to your secring.pgp file, and
2) Your passphrase
On a public system, 1) is easy (relatively speaking). 2) is more difficult, but someone could theoretically listen in to the line anywhere between your keyboard and the CPU. What do you know about what's going on on the other end of the phone line?
My rule of thumb (for me) is to only use PGP when I have direct control over everything between the keyboard on which I am typing, and the CPU on which PGP is running.
This doesn't mean that you _can't_ run PGP on a public machine. It also doesn't mean that you _shouldn't_, either. It is a matter of security -- how secure do you want your key to be. If you really don't mind it being insecure, you might as well generate a 384-bit key (which has been proven by RSA-129 to be insecure to an amateur attack).
What do you use to contact your public machine? Do you dial in from home? What kind of machine do you have at home? You might consider running PGP at home if that is at all possible.
It would be nice to integrate PGP into terminal emulators, too, like kermit or seyon or red ryder or whatever, so that you could easily use PGP locally to sign/encrypt things on the remote end. Wishful thinking, I guess...
Does this help?
-derek
Derek wrote:
| What do you use to contact your public machine? Do you dial in from
| home? What kind of machine do you have at home? You might consider
| running PGP at home if that is at all possible.
|
| It would be nice to integrate PGP into terminal emulators, too, like
| kermit or seyon or red ryder or whatever, so that you could easily use
| PGP locally to sign/encrypt things on the remote end. Wishful
| thinking, I guess...
I think terminal emulators are the wrong layer for PGP integration. PGP support is needed in document editors and viewers, rather than in network layers. With direct ip connectivity becoming commonplace, we're seeing PGP integrated into mail & news tools, which is a great thing.
(There is also a use for encrypting networks, but I think it is different from the use for PGP, which is a document oriented system.)
Adam
--
"It is seldom that liberty of any kind is lost all at once." -Hume
lmccarth@ducie.cs.umass.edu writes:
Could someone please elaborate on the foolishness of using PGP with a passphrase on a public machine (as I do) ?
It is not secure to use your private key on a machine that you do not have physical control over. It is probably secure to store a passphrase-protected private key on such a machine, as long as you do not feed it into a program which decrypts it.
Am I wrong in thinking that my secret key is useless to an intruder until she guesses my passphrase ?
Or monitors your keystrokes as you type in your passphrase, or watches your address space as PGP uses the key, etc etc... Given the state of Unix security, I would certainly not want to type my passphrase into a Unix box unless I was the only user, was directly connected to the box through a wire I could see, and had just done a fresh boot after verifying the MD5 hash on all the OS binaries. Not likely to be the case at your average public installation.
I have no net access except via an account on a public machine, so I'm not about to start storing my secret key elsewhere, but I'll change my passphrase to <null> if it's irrelevant anyway.
Having a passphrase will protect against casual acquisition of your private key, but only physical security when the key is used will protect you against a determined opponent.
---
As long as I am typing, permit me to add my two cents to the "digital signatures on the list" flame war.
Like many proponents of strong cryptography, I rarely use it in everyday life. I occasionally encrypt personal mail to friends overseas when I know it is going to take numerous hops over insecure links en route, and I will digitally sign mail or Usenet articles if I want to say something that I consider important in a way that cannot be altered or spoofed. This happens rarely.
I would consider having to digitally sign everything I post to the list, no matter how frivolous, the moral equivalent of being allowed to speak only while under sworn oath. Now oaths and notaries are certainly useful things in appropriate places, like courtrooms and lawyers' offices, but I don't think any of us would care to live our lives having our every utterance subject to their certification.
It would certainly not aid our cause to have the government be able to point and say - "Even the cypherpunks make people digitally identify themselves when posting messages to their list" - while at the same time attempting to explain to people why we aren't happy with Chaum's less than anonymous ECash or Web sites that require registration and personal information before permitting access to privacy-related material.
The Net, like life, offers a certain plausible deniability in what has been said, and who has said it. Some of the best messages on the list in past years have been Tim's witty and entertaining spoofs of his ideological opponents. Let's save absolute certainty about the real or pseudo-anonymous identities of speakers in this forum for times when, in the sole opinion of the person posting, such certainty is deemed necessary.
--
Mike Duvos $ PGP 2.6 Public Key available $
mpd@netcom.com $ via Finger. $
participants (4)
- Adam Shostack
- Derek Atkins
- lmccarth@ducie.cs.umass.edu
- mpd@netcom.com