PGP and pseudonyms
Steve Reid
steve at edmweb.com
Mon Apr 29 00:06:24 PDT 1996
> >this pseudonym. If this person's secret keyring were stolen, could
> >person=pseudonym be revealed, based on the key ID? Or would it require
> >knowing the passphrase?
>
> Yes, the person=personna would be revealed. No, a passphrase would not be
> needed.
> To demonstrate try "pgp -kv secring.pgp" and see what you get.
I kinda figured that... I was just wondering if maybe the info could be
altered, so that the real info can't be figured without getting the
passphrase.
> I hope this gets fixed in PGP 3.0.
I guess pseudonymity(sp?) wasn't the main concern when PGP was created.
I suppose a temporary fix would be to not use an ordinary PGP passphrase,
but rather encrypt the whole secring.pgp file. Decrypt it when you need
it, and be very careful to properly clean up when you're done.
=====================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/) |
| Email: steve at edmweb.com Home Page: http://www.edmweb.com/steve/ |
| PGP Fingerprint: 11 C8 9D 1C D6 72 87 E6 8C 09 EC 52 44 3F 88 30 |
| -- Disclaimer: JMHO, YMMV, IANAL. -- |
===================================================================:)
More information about the cypherpunks-legacy
mailing list