Subject: Re: Running PGP on Netcom (an

...

But keeping it on your home machine, the bad guys could break into your house, set up a keyboard monitoring program, and get it that way. Or if they wanted to, grab you and force you to reveal your key.

It's highly doubtful that they could physically get to my computer without my knowledge. I service alarms for a living. I work for the company who monitors my alarm. I am the only person who knows the specs on my alarm. It would be pretty tough to conceal a court order to suspend the monitoring from me. Someone would tip me off. Plus the system will communicate with me via 2 other methods that no one knows about. Pretty doubtful.

...

It's not black and white. There are degrees of security. I keep my encrypted secret key on dunx1, a UNIX box used by many other people. Anyone who has the ability to can either watch my keystrokes, probe throug memory to retrieve my key or message, or probably a few other things I haven't thought of. The benefit, though, of being able to decode messages as soon as I receive them, and being able to send encrypted messages when I'm not at home is major. For me at least, it's a fair trade-of

I guess it depends on your level of paranoia or guilt. :) If I was just putzing around with the software, then I wouldn't be too concerned. If I was actually doing something illegal or confidential with the software then I would be greatly concerned. But under no circumstances would I consider that arrangement secure. If the cops nail this guy, he has no one to blame but himself. He hanged his own ass.

...

There isn't anything I send right now that I would find particularly embarassing should it become public knowledge. If I did get into that situation, I'd probably create a second key pair for use only at home, and keep both in use.

Then you have the possibility of people sending you secure messages on a compromised key. (The one on the Unix Box) In most cases, its not the technology that nails you, it's human error. Take for example the recent Tiffany's robbery. The police hadn't a clue who pulled it off. I heard statements of grudging praise from many members of the NYPD police department. It was very close to the perfect robbery. They received a tip from a citizen that someone was selling rings matching the description of the stolen merchandise on the street. They busted this individual and he sang. If they would have left the goods sit for a couple of years, they would have gotten away with it. Human stupidity compromised the whole operation.

...

The bad guys will almost always be able to get your key. Even if they hav to get you to get it. The goal is to raise the difficulty such that they aren't willing to do it.

This is probably true, but in most cases they won't have to take it from you. Somehow someone will screw up and hand it to them on a silver platter. Instead of John the Baptist's head, its yours! ;{ --BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.1 mQCNAy5pUekAAAEEAKrDj64Zj9AJU+gC7/Ivdk8b1ef6a1T9K5CGFeu1yFDSXLyD DLIdGunZR/4ilosLMxdlZcNqPwZ3HgxL+Gk3y2SwYfqKpeWExWPgb696lgzf2BRC tED15ZAwi3UDIkcouv2PBiDwPNUUmnLb5diDXdA3qtALb+XzlwpnimeWAf3FAAUT tCFTYW11ZWwgS2FwbGluIDwrMSAoNjEyKSA1MzAtNzMxNj6JAJUCBRAuaVLjQqfV nzRSzxkBAcXuA/47yIN+sltMyIRqCgUZz/gubdI6LUcpFsTcXsFWppROpAWFPJv0 J9z/UoP1kjJ+nrAAizuKuhmC5eg5OOxUE+tUgSPl6hAtu2xJYmKtCbQpxF0sG8ni 4e8I8Zsk5vcopO5Vub96CiVgPjI5vITCb32kcLKI1yyFaztbHdtOasUthg== =M8Dh --END PGP PUBLIC KEY BLOCK----- ----------------------------------------------------------------------------- Fido: Sam Kaplin 1:282/1018 | "...vidi vici veni" - Overheard Compuserve: 75240,131 | outside a Roman brothel. samuel.kaplin@warehouse.mn.org | 75240,131@compuserve.com | Change is the only constant in the For confidential communications use PGP | Universe..."Four quarters, please." ----------------------------------------------------------------------------- =========================================================================== Processed by WILDUUCP! v1.00 for WILDCAT! ===========================================================================