
Re: Security guidelines for Debian people



On Thu, Nov 03, 2011 at 03:44:36PM -0200, Henrique de Moraes Holschuh wrote:
> On Thu, 03 Nov 2011, Jakub Wilk wrote:
> > This seems to suggest that having multiple copies of the PGP key
> 
> Multiple *offline* copies, in an encrypted container.
> 
> > somehow improves security. However, at least for some attack
> > scenarios, it's quite the opposite.
> 
> The problem is that those offline copies are the only full copies that
> are supposed to exist, as you're not supposed to have any online copies
> of the master key, just copies of the subkeys.
> 
> You can get away with just one offline copy, but it better not be on
> normal media or you could lose it entirely.  You can simply store both
> offline copies at the same site if you want to manage key exposure risk,
> as that increases the risk of key exposure by a very small margin (two
> encrypted containers, might or might not make it easier to break
> depending on what exactly you did), and decreases the risk of the key
> becoming irretrievable due to device malfunction a great deal.

Just my opinion:

Personally, I believe there are several things which are important to
one's identity and cannot have many copies (or even one copy). For
instance, this could be a passport, or some bank access card or the
like. I would accord the same safety standards to the backup as I
would to the other documents I mentioned. That's the best I can do,
since losing (or compromising) any of the other documents is likely to
land me in a soup bigger than the loss of the key.

Kumar
-- 
How do I type "for i in *.dvi do xdvi $i done" in a GUI?
		-- Discussion in comp.os.linux.misc on the intuitiveness of interfaces
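The practice Henrique describes above (master key only ever offline, just the subkeys on the online machine, the full key in more than one encrypted container) is easy to get subtly wrong, so here is the whole sequence as an added example. This is not code from the thread or from the Debian project; it assumes GnuPG 2.1 or later, and the user ID, the two passphrases and the helper names `g`, `primary_secret_state` and `run_demo` are placeholders chosen for the demonstration.

```shell
#!/bin/sh
# Added example (not from the thread): a certify-only primary key kept in an
# "offline" keyring, a signing subkey exported for an "online" keyring, the
# full secret key written to two symmetrically encrypted containers, and a
# restore drill from the second container. GnuPG 2.1+ is assumed.
set -eu

command -v gpg >/dev/null 2>&1 || { echo "gpg not found; nothing to demonstrate" >&2; exit 0; }

UID_STR="Example Developer <dev@example.invalid>"      # placeholder identity
KEY_PASS="master-key-passphrase-placeholder"           # passphrase on the secret key
BACKUP_PASS="backup-container-passphrase-placeholder"  # passphrase on the containers

# gpg wrapper: batch mode with the passphrase given on the command line. That is
# acceptable for a throwaway demo key; a real key should go through pinentry.
g() {
    pass=$1; shift
    gpg --batch --quiet --pinentry-mode loopback --passphrase "$pass" "$@"
}

# Prints "stub" when the primary key's secret part is absent from the keyring
# in $1 (gpg marks that with '#' in field 15 of the 'sec' record, shown as
# "sec#" by gpg -K), otherwise "full".
primary_secret_state() {
    GNUPGHOME="$1" gpg --batch --with-colons --list-secret-keys 2>/dev/null \
        | awk -F: '$1 == "sec" { print ($15 == "#") ? "stub" : "full"; exit }'
}

# Runs the procedure in a temporary directory and prints the state of the
# primary key as seen from the online keyring and from the restored backup.
run_demo() {
    work=$(mktemp -d)
    offline="$work/offline"; online="$work/online"; restore="$work/restore"
    mkdir -m 700 "$offline" "$online" "$restore"

    # 1. Offline machine: certify-only primary plus a one-year signing subkey.
    GNUPGHOME="$offline" g "$KEY_PASS" --quick-generate-key "$UID_STR" ed25519 cert never
    fpr=$(GNUPGHOME="$offline" gpg --batch --with-colons --list-keys "$UID_STR" \
          | awk -F: '$1 == "fpr" { print $10; exit }')
    GNUPGHOME="$offline" g "$KEY_PASS" --quick-add-key "$fpr" ed25519 sign 1y

    # 2. Only the subkeys go online; the primary travels as a stub.
    GNUPGHOME="$offline" g "$KEY_PASS" --export-secret-subkeys "$fpr" > "$work/subkeys.gpg"
    GNUPGHOME="$online" g "$KEY_PASS" --import "$work/subkeys.gpg"

    # 3. Full secret key into two encrypted containers (two media, same site or not).
    GNUPGHOME="$offline" g "$KEY_PASS" --export-secret-keys "$fpr" > "$work/full.gpg"
    for n in 1 2; do
        GNUPGHOME="$offline" g "$BACKUP_PASS" --symmetric --cipher-algo AES256 \
            --output "$work/backup-$n.gpg" "$work/full.gpg"
    done
    rm -f "$work/full.gpg"   # the unencrypted export must not outlive the containers

    # 4. Disaster drill: restore from the second container into a fresh keyring.
    GNUPGHOME="$offline" g "$BACKUP_PASS" --decrypt "$work/backup-2.gpg" \
        | GNUPGHOME="$restore" g "$KEY_PASS" --import

    echo "online:$(primary_secret_state "$online") restore:$(primary_secret_state "$restore")"

    for d in "$offline" "$online" "$restore"; do
        GNUPGHOME="$d" gpgconf --kill gpg-agent 2>/dev/null || true
    done
    rm -rf "$work"
}

run_demo
```

On a machine with gpg the script prints `online:stub restore:full`: the online keyring can sign with the subkey but holds no usable primary (`gpg -K` shows `sec#`), while the keyring rebuilt from the second container holds the complete key. In real use, step 3's two files would be written to two separate offline media, and step 4 is worth repeating after any change to the key so that a container is never found to be unreadable only when it is needed.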

