PGP: looking for advice on settings

Trevor Smith pmmail@rpglink.com
Wed, 22 Mar 2000 20:55:22 -0400 (AST)


On Wed, 22 Mar 2000 19:06:59 -0500, Andrew Webber wrote:

>The only reason I thought, was that using the default names, even
>in a non-default directory (I moved them) would make it relatively
>easy for someone with access (electronic or physical) to do a find
>on my HD and scoop the files based on their names.  Then work with
>them at their leisure.

Ah, good point. Still, since the private key isn't usable without
your pass phrase, you should probably be safe even if someone were to
steal your key. I should ask someone exactly how much resources it
takes to "break" a private key without the pass phrase...

>Not that I think this will happen, but why go halfway?  If it would
>work, I'd put empty files back into C:\WINDOWS with the default
>names, then rename the actual files a.a b.b and c.c or something. 
>But only if it will work.

I'm really not sure. An easy way to test though is to make backup
copies (just "copy pubring.pkr pubring.bak" and "copy secring.skr
secring.bak" from the command line) and change the strings in your
configuration file ('pgp.cfg' here; I'm using PGP 5.0 for OS/2).

>And while I don't think anyone would do this to break my
>encryption, I would look pretty foolish, and be the subject of some
>razzing, if someone copied+deleted my secring.skr from my PC in the
>two minutes I spend getting a bottle of Diet Coke, and posted it on
>a corporate intranet -- not to break the encryption but to make a
>joke.

True, very true. :-)


-- 
 Trevor Smith          |          trevor@haligonian.com
 PGP public key available at: www.haligonian.com/trevor

PGP Public Key Fingerprint= A68C C4EC C163 5C0A 6CFA  671F 05D4 0B30 318B AFD6