- To: SLUG mailing list <slug@xxxxxxxxxxx>
- Subject: Re: [SLUG] private key verification
- From: Del <del@xxxxxxxxxxxx>
- Date: Tue Jul 31 00:11:02 2001
- Organization: Babel Com Australia
Jamie Honan wrote:
> How much paranoia is enough?

I'm a mathematics major. So sue me.

Seriously, though, if you are paranoid, here are some things
you should not do with your key:

- Leave it unencrypted.
- Sign an arbitrary piece of binary rubbish sent to you by
  someone saying "here, sign this!"

Here are things you should do:

- Use an established algorithm (such as RSA or DSA) rather than
  a "roll-your-own".
- Use a good implementation such as PEM or PGP / GPG, not a
  roll-your-own.

For Jamie's benefit I won't explain the details of why. Other
than that, it's quite difficult (read: nearly impossible using
today's computing equipment) to bust someone's private key.

If you say you're you, and you have your private key, then as far
as I'm concerned you are really you. If you don't have your
private key then you're not really you, you're someone else.

Jaq doesn't appear to have his own public key, so he's not
him and he's not even someone else. :)

--
Del