SLUG Mailing List Archives
Re: [SLUG] private key verification
- To: SLUG mailing list <slug@xxxxxxxxxxx>
- Subject: Re: [SLUG] private key verification
- From: Del <del@xxxxxxxxxxxx>
- Date: Tue Jul 31 00:11:02 2001
- Organization: Babel Com Australia
Jamie Honan wrote:
> How much paranioa is enough?
I'm a mathematics major. So sue me.
Seriously, though, if you are paranoid, here are some things
you should not do with your key:
- Leave it unencrypted.
- Sign an arbitrary piece of binary rubbish sent to you by
someone saying "here, sign this!"
Here are things you should do:
- Use an established algorithm (such as RSA or DSA) rather than
- Use a good implementation such as PEM or PGP / GPG, not a
For Jamie's benefit I won't explain the details of why. Other
than that, it's quite difficult (read: nearly impossible using
today's computing equipment) to bust someone's private key.
If you say you're you, and you have your private key, then as far
as I'm concerned you are really you. If you don't have your
private key then you're not really you, you're someone else.
Jaq doesn't appear to have his own public key, so he's not
him and he's not even someone else. :)