public accounts / PGP / passphrases

lmccarth at ducie.cs.umass.edu lmccarth at ducie.cs.umass.edu
Thu Dec 1 18:14:01 PST 1994


[This message has been signed by an auto-signing service.
 A valid signature means only that it has been received at
 the address belonging to the signature and forwarded.]

-----BEGIN PGP SIGNED MESSAGE-----

- -----BEGIN PGP SIGNED MESSAGE-----

Hal writes:
> Just create a special key for your netcom account.  Use no pass phrase;
> using one would give a misleading sense of security IMO.  Just pass your
> mail through "pgp -saft" or equivalent and you've got it.  It is easy to
> do this from most editors.

Could someone please elaborate on the foolishness of using PGP with a 
passphrase on a public machine (as I do) ?  Am I wrong in thinking that my
secret key is useless to an intruder until she guesses my passphrase ?  I
have no net access except via an account on a public machine, so I'm not
about to start storing my secret key elsewhere, but I'll change my passphrase
to <null> if it's irrelevant anyway.  I just reviewed the PGP docs a bit and
Phil says "Nobody can use your secret key file without this pass phrase.",
which seems to contradict what many people on the list have said.

- - -L. Futplex McCarthy; PGP key by finger or server
"Don't say my head was empty, when I had things to hide...." --Men at Work

- -----BEGIN PGP SIGNATURE-----
Version: 2.6.1

iQCVAwUBLt6Cq2f7YYibNzjpAQF3KwP/ZgxKliBQe+BQ+Q0FfiN9ycxTRWRHlPWY
qF4iqmxT70uWLm6hsSX6A88EKv1E+k4mfYhVAnT8XQCTp2wEYMVOHvlFJQiKHOCj
55Cot8bL7JCrJ+lUIDdCPOnNra61F2cc+S26EyB5jIKvudzkPLsWI49galG201M7
ILld5lrJhAw=
=vc9N
- -----END PGP SIGNATURE-----

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBFAwUBLt6D+ioZzwIn1bdtAQGz5gF+Kokq6ZW/HpgRWowG2/+3QB913tJD2opJ
+gKNrxqTK40qzj/8pdNNpreKYrf4rWIi
=9YBk
-----END PGP SIGNATURE-----






More information about the cypherpunks-legacy mailing list