Re: Developer security questions.
David Huggins-Daines <dhd@maclinux.plcom.on.ca> writes:
> On Wed, Jun 30, 1999 at 12:39:48PM -0700, karlheg wrote:
> > Is it possible for someone, if they gained root on my workstation, to
> > make a copy of my .pgp/ and .ssh/ directories, then use those from
> > anywhere on the net to log into master.debian.org, or sign a package
> > or email?
>
> Use a good, long, secure passphrase. If you are truly paranoid, then keep
> your secret key on a floppy or something (or one of those nifty "secret
> decoder ring" gadgets you can get these days :-)
In every case keep a copy of your secret ring in a known safe
place. If you do not have done it know, copy it to a floppy know! Do
not do it because you are paranoid, do it because you will be able to
issue a key revocation certificate in case your key gets compromised.
Jens
P.S.: Please vote against Spam! At
http://www.politik-digital.de/spam/
(Sorry Europeans only)
---
Jens.Ritter@weh.rwth-aachen.de grimaldi@debian.org
Key ID: 2048/E451C639 Jens Ritter
Key fingerprint: 5F 3D 43 1E 24 1E CC 48 1E 05 93 3A A7 10 73 37
Reply to: