Links – PGP Security

If you use PGP, as I do, you’ll want to read an old but useful article on pgp.net: “Security Questions” @ pgp.net as it covers a whole slew of topics ranging from how secure asymmetric cryptography can be to possible security threats arising from using PGP. Essentially if you have a good passphrase you’re better off than folks without one.

Similarly, this article offers passphrase safety tips: http://www.wowarea.com/english/help/pwd.htm. Like the previous article, which mentions TEMPEST*, it discusses things like a hidden microphone, camera, stolen swap files, access to your hard disk or other medium where private keys are stored, not using drive wiping technologies, key loggers, recovery software and EM microscopes on junked hard drives, viruses, Trojans and more.

* Some useful information on the old TEMPEST attack can be found at these sites:

http://en.wikipedia.org/wiki/Tempest_(codename)
http://www.surasoft.com/articles/tempest.php

With modern technologies, and being a regular citizen as opposed to an enemy of the state, you're probably safe!

While it wasn’t designed specifically for asymmetric key passphrases, the GRC’s Haystack Password checker can be used as a starting point for developing safe habits: https://www.grc.com/haystack.htm

Also, in GPG anyway, if you ever find yourself needing to explain what a particular encrypted message is you can always perform a session key override:

gpg --show-session-key (file)

Followed by:

gpg --override-session-key (session key hash) (file)

The former will reveal a unique encrypted session key string, which is derived from your public key but is different than your secret key. The latter will enable you to decrypt a single text/file without you having to give any sensitive information. This is very useful if you have a naggy wife (or husband)!
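The two options above, run end to end as an added example (not part of the original post): the key owner extracts the session key of one message, and a third party with an empty keyring decrypts that message from the session key alone. It assumes GnuPG 2.1 or later on the PATH; the function names, the address demo@example.invalid and the message are constructed for the demonstration. gpg prints the session key in the form algo:HEX.

```shell
#!/bin/sh
# Added example. The key, address and message are constructed throwaways in
# temporary GnuPG home directories; your real keyring is never touched.
export LC_ALL=C   # keep gpg's messages in English so the sed pattern matches

# show_session_key HOMEDIR FILE: print FILE's session key as "algo:HEX".
# HOMEDIR must hold the recipient's secret key.
show_session_key() {
    gpg --homedir "$1" --batch --show-session-key --decrypt "$2" 2>&1 >/dev/null |
        sed -n "s/.*session key: .\([0-9]*:[0-9A-Fa-f]*\).*/\1/p"
}

# decrypt_with_session_key HOMEDIR KEY FILE: decrypt FILE from KEY alone.
decrypt_with_session_key() {
    gpg --homedir "$1" --batch --quiet --override-session-key "$2" --decrypt "$3" 2>/dev/null
}

# session_key_roundtrip MESSAGE: encrypt MESSAGE to a throwaway key, extract the
# session key as the owner, then decrypt as a third party who has no keys at all.
session_key_roundtrip() {
    owner=$(mktemp -d); third=$(mktemp -d); work=$(mktemp -d)
    printf '%s' "$1" > "$work/msg.txt"
    gpg --homedir "$owner" --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'demo@example.invalid' default default never 2>/dev/null
    gpg --homedir "$owner" --batch --quiet --trust-model always \
        -r 'demo@example.invalid' -o "$work/msg.gpg" --encrypt "$work/msg.txt"
    key=$(show_session_key "$owner" "$work/msg.gpg")
    decrypt_with_session_key "$third" "$key" "$work/msg.gpg"
    status=$?
    gpgconf --homedir "$owner" --kill gpg-agent 2>/dev/null || true
    rm -rf "$owner" "$third" "$work"
    return "$status"
}

# Run the demonstration when gpg is installed.
if command -v gpg >/dev/null 2>&1; then
    session_key_roundtrip 'constructed sample message'; echo
fi
```

The third party's home directory is created empty, so the plaintext it prints can only have come from the session key.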

Lastly, Schneier’s article regarding the flaws of public key infrastructure is a must-read.

The sites above make for some good reading and could help you safeguard your data appropriately.

EDIT: If you are subscribed to the blog, sorry for the multiple emails for the same post. Seems to have been some sort of problem with the CSS but it seems to be fixed now.
