[colug-432] Keysigning Party at OLF
Steve VanSlyck
s.vanslyck at spamcop.net
Sat Sep 3 15:36:58 EDT 2011
Except for the last part, is this somehow different from generating the
keys on my computer then moving the files to my USB flash drive?
----- Original Message -----
From: Joshua Kramer <josh at globalherald.net>
To: Central OH Linux User Group - 432xx <colug-432 at colug.net>
Date: Sat, 3 Sep 2011 15:22:11 -0400 (EDT)
Subject: Re: [colug-432] Keysigning Party at OLF
>
> > Why does one need to do that? Why not just use the computer's hard
drive?
>
> At the hobbyist level, it's mostly academic. If you really need high
> security (i.e. you guard valuable corporate secrets, you are a political
> dissident in a dangerous country, etc.) then the following apply. Also,
I
> could imagine a case in a household where you live with someone else who
> is not so friendly to your interests... you don't want them to get your
> private keys, even though they have access to your computer.
>
> If someone gets access to your computer and private keys, then if they
can
> somehow cajole your password out of you (or a browser cache, or
> unencrypted swap space) then you are toast.
>
> When you generate a private/public keypair on a smart card, the private
> key always stays on the card. And, most cards nowadays are set up such
> that if someone attempts to open the case surrounding the chip, it will
> zero out all of the private keys. Furthermore, some cards are set up so
> that they won't allow use of the private keys unless you enter a PIN on
> the smartcard reader.
>
> Having said that, the following applies:
>
> http://xkcd.com/538/
>
> _______________________________________________
> colug-432 mailing list
> colug-432 at colug.net
> http://lists.colug.net/mailman/listinfo/colug-432
>
>
More information about the colug-432
mailing list