On Sun, 26 Nov 2006 23:35:51 +0000 Neil Williams <linux@xxxxxxxxxxxxxx> wrote:

> Security through obscurity is seldom worthwhile. Think carefully about
> this encryption malarkey - you are encrypting files on the same machine
> to a folder on that same machine using a GnuPG secret key that is also
> stored on the one machine.
>
> Spotted the flaw yet?
>
> Anyone with access to your machine has access to the encrypted files!
> If they don't have access, encryption provides no extra protection. If
> they do have access, encryption is pointless because the secret key is
> available. Remember: The secret key has two levels of protection - the
> passphrase and access to the secret key file itself. If someone breaks
> your login password they have access to the key file. If your GnuPG
> passphrase is as insecure as your login password, they have access to
> the encrypted files.
>
> If you are going to encrypt sensitive data as a method of storage:
> 1. Encrypt to external media that do *not* also contain the secret key.
> 2. Make a copy of the secret key as a text file and store it somewhere
> *very* safe so that if the worst happens, *you* still have access to
> your own data.
> 3. Create a revocation certificate and store that very carefully too.
> 4. Store the external media separately from the machine and the key
> backups so that other disasters (like fire) don't cause you to lose
> access to the storage media.
>
> Read the GnuPG FAQ on DCGLUG.

OK, I have carefully read all the above. At the moment I have no intention of using gpg for emails. It is just for me on my computer. I have a file which contains details of all my user names, passwords etc. for the Internet along with my various PINs. There is just too much to remember now. By having all the data in one encrypted file I need to make sure that I remember just one password, the one to decrypt that file. Anytime I can't remember a password, user name or whatever I can decrypt the file to look it up.

And I put that file into a hidden folder as an extra precaution. That is really all that I am using gpg for at the moment. I did that when I was using Mandriva and I am setting it all up again in Kubuntu. I created the file in an editor and I was trying to save it in my hidden folder, which I have now done. Sorry, I didn't explain it fully before. If I ever decide to start using encryption for emails I will follow the advice from the DCGLUG.

Thanks

Neil Winchurst

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html
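Neil Williams' point is that a file encrypted to your own public key is only as safe as the secret key file sitting next to it. The check below is an added example (not code from this thread or from GnuPG): it reads the first OpenPGP packet of an encrypted file and reports whether decrypting it needs a secret key (PKESK packet, tag 1, as `gpg -e` produces) or only a passphrase (SKESK packet, tag 3, as `gpg --symmetric` produces). The sample packets and the key ID in them are constructed for the demonstration, not real gpg output.

```python
import struct
import sys

PKESK, SKESK = 1, 3  # RFC 4880 packet tags: public-key / symmetric-key ESK

def first_packet(data: bytes):
    """Return (tag, body) of the first OpenPGP packet in binary (non-armored) data."""
    if not data or not data[0] & 0x80:
        raise ValueError("not a binary OpenPGP packet (ASCII-armored or corrupt?)")
    b0 = data[0]
    if b0 & 0x40:  # new-format header (RFC 4880 section 4.2.2)
        tag, first = b0 & 0x3F, data[1]
        if first < 192:
            length, off = first, 2
        elif first < 224:
            length, off = ((first - 192) << 8) + data[2] + 192, 3
        elif first == 255:
            length, off = struct.unpack(">I", data[2:6])[0], 6
        else:
            raise ValueError("partial body lengths not handled")
    else:          # old-format header (RFC 4880 section 4.2.1)
        tag, ltype = (b0 >> 2) & 0x0F, b0 & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length not handled")
        off = 1 + (1 << ltype)
        length = int.from_bytes(data[1:off], "big")
    return tag, data[off:off + length]

def describe(data: bytes) -> dict:
    """Classify how the session key is protected, i.e. what a thief would need."""
    tag, body = first_packet(data)
    if tag == PKESK:   # v3 PKESK: version, 8-byte key ID, pubkey algorithm, MPIs
        return {"mode": "public-key", "keyid": body[1:9].hex().upper()}
    if tag == SKESK:   # v4 SKESK: version, cipher, S2K specifier; passphrase only
        return {"mode": "passphrase", "cipher": body[1]}
    return {"mode": "other", "tag": tag}

# Constructed sample packets (not real gpg output): a PKESK for a fake key ID,
# and an SKESK using AES-256 (9) with iterated+salted (3) SHA-256 (8) S2K.
SAMPLE_PKESK = bytes.fromhex("840e" "03" "0123456789ABCDEF" "01" "0010" "ABCD")
SAMPLE_SKESK = bytes.fromhex("8c0d" "04" "09" "03" "08" "0011223344556677" "c0")

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            info = describe(f.read(64))
        if info["mode"] == "public-key":
            print(f"{path}: needs secret key {info['keyid']}; if that key file "
                  "lives on this machine, the file is only as safe as it is")
        elif info["mode"] == "passphrase":
            print(f"{path}: passphrase-only (no key file involved); "
                  "its protection rests entirely on passphrase strength")
        else:
            print(f"{path}: first packet tag {info['tag']}, not an encrypted message")
```

A passphrase-only file removes the key-file dependency Neil describes, but as his message also says, it is still no stronger than the passphrase chosen for it.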