3.20. Aren't all of these security procedures a little paranoid? (PGP)





This article is from the PGP FAQ, by Jeff Licquia jalicqui@prairienet.org with numerous contributions by others.

That all depends on how much your privacy means to you! Even apart
from the government, there are many people out there who would just
love to read your private mail. And many of these individuals would be
willing to go to great lengths to compromise your mail. Look at the
amount of work that has been put into some of the virus programs that
have found their way into various computer systems. Even when it
doesn't involve money, some people are obsessed with breaking into
systems.

In addition, don't forget that private keys are useful for more than
decrypting. Someone with your private key can also sign items that
could later prove to be difficult to deny. Keeping your private key
secure can prevent, at the least, a bit of embarrassment, and at most
could prevent charges of fraud or breach of contract.

Besides, many of the above procedures are also effective against some
common indirect attacks. As an example, the digital signature also
serves as an effective integrity check of the file signed; thus,
checking the signature on new copies of PGP ensures that your computer
will not get a virus through PGP (unless, of course, the PGP version
developer contracts a virus and infects PGP before signing).
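
The two points above (a signature made with your private key is hard to deny, and a signature check only proves the file is unchanged since signing) can be seen in a small added example. It is not part of the FAQ or of PGP: it uses textbook RSA over SHA-256 with a constructed toy key rather than PGP's own formats, and all names and sample bytes are hypothetical.

```python
import hashlib

# Constructed toy key built from two publicly known Mersenne primes: no real security.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                    # public key: modulus and exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)


def digest(data: bytes) -> int:
    """SHA-256 of the data as an integer; the signature covers this value."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data: bytes, private_exponent: int) -> int:
    """Textbook RSA signature without padding: digest^d mod N."""
    return pow(digest(data), private_exponent, N)


def verify(data: bytes, signature: int) -> bool:
    """Check a signature using only the public key (N, E)."""
    return pow(signature, E, N) == digest(data)


def scenarios() -> dict:
    """Run the four cases and report what verification says for each."""
    release = b"pgp release archive (constructed sample bytes)"
    release_sig = sign(release, D)
    # Case 2: the copy was altered after the developer signed it.
    altered = release + b" plus appended code"
    # Case 3: the archive was already infected when the developer signed it.
    infected = b"pgp release archive with virus (constructed sample bytes)"
    infected_sig = sign(infected, D)
    # Case 4: someone other than the owner signs with a copied private key.
    copied_key = D
    unwanted = b"I accept the contract (constructed sample message)"
    unwanted_sig = sign(unwanted, copied_key)
    return {
        "intact_copy": verify(release, release_sig),
        "altered_after_signing": verify(altered, release_sig),
        "infected_before_signing": verify(infected, infected_sig),
        "signed_with_copied_key": verify(unwanted, unwanted_sig),
    }


if __name__ == "__main__":
    for case, ok in scenarios().items():
        print(f"{case}: signature {'verifies' if ok else 'FAILS'}")
```

Only the copy altered after signing fails; verification cannot tell an infected-at-source archive or a signature made with a copied key from the genuine article.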

 
