[colug-432] Keysigning Party at OLF
Joshua Kramer
josh at globalherald.net
Sat Sep 3 15:22:11 EDT 2011
> Why does one need to do that? Why not just use the computer's hard drive?
At the hobbyist level, it's mostly academic. If you really need high
security (i.e. you guard valuable corporate secrets, you are a political
dissident in a dangerous country, etc.) then the following apply. Also, I
could imagine a case in a household where you live with someone else who
is not so friendly to your interests... you don't want them to get your
private keys, even though they have access to your computer.
If someone gets access to your computer and private keys, then if they can
somehow cajole your password out of you (or a browser cache, or
unencrypted swap space) then you are toast.
When you generate a private/public keypair on a smart card, the private
key always stays on the card. And, most cards nowadays are set up such
that if someone attempts to open the case surrounding the chip, it will
zero out all of the private keys. Furthermore, some cards are set up so
that they won't allow use of the private keys unless you enter a PIN on
the smartcard reader.
Having said that, the following applies:
http://xkcd.com/538/
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: SpamAssassinReport.txt
Url: http://lists.colug.net/pipermail/colug-432/attachments/20110903/04e339a1/attachment-0001.txt
More information about the colug-432
mailing list