[colug-432] Keysigning Party at OLF

Joshua Kramer josh at globalherald.net
Sat Sep 3 15:22:11 EDT 2011


> Why does one need to do that? Why not just use the computer's hard drive?

At the hobbyist level, it's mostly academic.  If you really need high 
security (i.e. you guard valuable corporate secrets, you are a political 
dissident in a dangerous country, etc.) then the following apply.  Also, I 
could imagine a case in a household where you live with someone else who 
is not so friendly to your interests... you don't want them to get your 
private keys, even though they have access to your computer.

If someone gets access to your computer and private keys, then if they can 
somehow cajole your password out of you (or a browser cache, or 
unencrypted swap space) then you are toast.

When you generate a private/public keypair on a smart card, the private 
key always stays on the card.  And, most cards nowadays are set up such 
that if someone attempts to open the case surrounding the chip, it will 
zero out all of the private keys.  Furthermore, some cards are set up so 
that they won't allow use of the private keys unless you enter a PIN on 
the smartcard reader.

Having said that, the following applies:

http://xkcd.com/538/