
Re: Developer security questions.



David Huggins-Daines <dhd@maclinux.plcom.on.ca> writes:

> On Wed, Jun 30, 1999 at 12:39:48PM -0700, karlheg wrote:
> >  Is it possible for someone, if they gained root on my workstation, to 
> >  make a copy of my .pgp/ and .ssh/ directories, then use those from
> >  anywhere on the net to log into master.debian.org, or sign a package
> >  or email?
> 
> Use a good, long, secure passphrase.  If you are truly paranoid, then keep
> your secret key on a floppy or something (or one of those nifty "secret
> decoder ring" gadgets you can get these days :-)

In every case keep a copy of your secret ring in a known safe
place. If you have not done it by now, copy it to a floppy now! Do
not do it because you are paranoid, do it because you will be able to
issue a key revocation certificate in case your key gets compromised.


Jens 

P.S.: Please vote against Spam! At
             http://www.politik-digital.de/spam/
(Sorry Europeans only)
---
Jens.Ritter@weh.rwth-aachen.de   grimaldi@debian.org
Key ID: 2048/E451C639 Jens Ritter
Key fingerprint: 5F 3D 43 1E 24 1E CC 48  1E 05 93 3A A7 10 73 37 

