Surprise! | 1 Feb 2009 03:37

Lost USB drive with PGP keys


Lost USB drive with PGP keys
Realistically it probably is not worth anyone's trouble to force my PGP
private key. However, it also seems a good time to review and update my
keys.

1)  How do I let people know I have changed keys?
Other than telling people that I have changed keys what do I do? I seem
to remember something about invalidating the old key on the key servers.
Is this correct?

2) choosing a new security code.
I find an interesting conflict. If I choose a security code that is
truly secure I probably will not be able to remember it. This means that
I will be carrying a copy of the code with me, in one form or another
until I learn it.

If I choose a code based on personal information I have made myself
vulnerable.

Would choosing a series of less personal information offer security or
make a code vulnerable?

Example: A phone number of a friend when I was a child. The name of a
local town. A word in a non-English language.

3)  New email address. My old Thunderbird portable is not set to use a
code to download email.

4) I am planning to encrypt most of my new USB drive with FreeOTFE_4_50.

Robert J. Hansen | 1 Feb 2009 05:00

Re: Lost USB drive with PGP keys

> Lost USB drive with PGP keys

Moral of the story: don't do this.

> Realistically it probably is not worth any ones trouble to force my PGP
> private key.

Realistically, as long as you chose a good passphrase, nobody _can_ do this.

> 1)  How to I let people know I have changed keys?

The best way I have discovered to tell people key A is dead and to use
key B instead is --

	1.  Sign key B with key A
	2.  Sign all your messages for a while with _both_ keys A+B
	3.  After six months or a year, revoke Key A

That produces an immediate trust association between key A and B, and
establishes a long record of you using both keys A and B for the same
traffic.  Thus when people see you're now only using key B, they can
feel confident in it.

> Other than telling people that I have changed keys what do I do? I seem
> to remember something about invalidating the old key on the key servers.
> Is this correct?

Better by far to revoke the key.

You _did_ have a backup, right?

John W. Moore III | 1 Feb 2009 05:11

Re: Lost USB drive with PGP keys


Surprise! wrote:

> I will be carrying a copy of the code with me, in one form or another
> until I learn it.
> 
> If I choose a code based on personal information I have made my self
> vulnerable.
> 
> Would choosing a series of less personal information offer security or
> make a code vulnerable?

> Of course I am looking for opinions and suggestions.

Check out www.diceware.com

JOHN 8-)
Timestamp: Saturday 31 Jan 2009, 23:11  --500 (Eastern Standard Time)

Faramir | 1 Feb 2009 06:24

Re: Lost USB drive with PGP keys


Surprise! wrote:
...
> private key. However, it also seems a good time to review and update my
> keys.

  Disclaimer: I don't have formal knowledge of cryptography, so my
"secure" tips could be as secure as sitting over a pile of explosives,
while smoking...

  Take a look at http://tjl73.altervista.org/secure_keygen/en/index.html

  I followed that advice for the keys I carry on my USB flash drive,
just in case...

> 1)  How to I let people know I have changed keys?
> Other than telling people that I have changed keys what do I do? I seem
> to remember something about invalidating the old key on the key servers.
> Is this correct?

  Yes, sooner or later, you should revoke your "compromised" keys. If you
didn't have hard-to-get signatures on your old keys, I'd revoke them
quickly (so you don't have to worry about that later), but if you can't
exchange keys easily, follow Robert J. Hansen's advice... Assuming you
still have a copy or backup of your lost keys.

   If you don't have a backup, and you don't have a revocation
certificate made to be used in a case like this one... then you can't
revoke the lost keys...

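The key A to key B transition from Robert J. Hansen's reply, with the revocation-certificate point from Faramir's reply folded in, as an added example that is not part of any post in this thread. The key IDs, file names, the `run` helper and the `DRY_RUN` switch are assumptions of this example; revoking the old key requires that you still hold a copy of its secret key.

```shell
#!/usr/bin/env bash
# Added example: migrate from an old OpenPGP key (A) to a new one (B) with GnuPG.
# Key IDs are placeholders passed in by the caller.
# DRY_RUN=1 (default) only prints each gpg command; set DRY_RUN=0 to execute.
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Step 1: certify the new key with the old one. Also create a revocation
# certificate for the new key right away and store it offline, so that a
# future loss of the key material can still be revoked.
transition_start() {
    old_key="$1"; new_key="$2"
    run gpg --default-key "$old_key" --sign-key "$new_key"
    run gpg --output "revoke-$new_key.asc" --gen-revoke "$new_key"
    run gpg --send-keys "$new_key"
}

# Step 2: during the overlap period, sign each message with both keys.
sign_with_both() {
    old_key="$1"; new_key="$2"; msg_file="$3"
    run gpg --local-user "$old_key" --local-user "$new_key" --clearsign "$msg_file"
}

# Step 3: after the overlap period, revoke the old key and publish the
# revocation. This needs the old secret key (from a backup) or a
# revocation certificate generated before the key was lost.
retire_old() {
    old_key="$1"
    run gpg --output "revoke-$old_key.asc" --gen-revoke "$old_key"
    run gpg --import "revoke-$old_key.asc"
    run gpg --send-keys "$old_key"
}
```

With `DRY_RUN=0`, `--sign-key` and `--gen-revoke` prompt interactively, and `--send-keys` uses whatever keyserver your gpg configuration names.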

Tom | 2 Feb 2009 15:53

Re: Lost USB drive with PGP keys


> On Sat, Jan 31, 2009 at 6:37 PM, Surprise! <CaliforniaCarrier <at> gmail.com> wrote:
>
>     4) I am planning to encrypt most of my new USB drive with FreeOTFE_4_50.
>
>     Of course I am looking for opinions and suggestions.

I use http://www.truecrypt.org/.  You can either encrypt the whole USB drive
or a single file.


John W. Moore III | 12 Feb 2009 09:47

Interesting Concept/Security Nightmare


http://www.ncs-tech.org/?p=1146

Earlier I received an 'Invitation' from "Billy" to subscribe to Grouply
because of 'Our Mutual Interest in PGP-Basics'.  Hmm.....  Uh Huh.....

The Link at the top of this page is just one of several I discovered
when plugging "Grouply" into a Search Engine.

I share/mention all this only because this is the 'time of year' when
attempts are most often made to susceptible folks to surrender their
passwords, etc. in an attempt to seduce them into 'simplifying' their
Web 2.0 Life.  Imagine 'Registering' for this Service and then becoming
surprised to suddenly begin receiving SPIM over both Yahoo Messenger &
Google Talk IM Accounts.  :(  Worse, imagine having SPIM sent to all
Your Contacts under cover of having it originate from You.  <SIGH>

JOHN 8-)
Timestamp: Thursday 12 Feb 2009, 03:47  --500 (Eastern Standard Time)

Andrew Berg | 12 Feb 2009 12:08

Re: Interesting Concept/Security Nightmare

John W. Moore III wrote:
> Earlier I received an 'Invitation' from "Billy" to subscribe to Grouply
> because of 'Our Mutual Interest in PGP-Basics'.  Hmm.....  Uh Huh.....
I got the same email, but I thought it was spam, so I didn't even open it.
-- 
Key ID: 0xF88E034060A78FCB
Fingerprint: 4A84 CAE2 A0D3 2AEB 71F6  07FD F88E 0340 60A7 8FCB
Windows NT 6.0.6001.18145 | GPG 1.4.9 | Thunderbird 2.0.0.19 | Enigmail 0.95.7

------------------------------------

______________________________________________________________
Archives:                  http://groups.yahoo.com/group/PGP-Basics/messages
OT List:                         http://groups.yahoo.com/group/PGP-Basics-OT
OT Subscribe:                 mailto:PGP-Basics-OT-subscribe <at> yahoogroups.com

Gossamer Spider Web of Trust                           https://www.gswot.org

Andrew Berg | 12 Feb 2009 12:17

Re: Interesting Concept/Security Nightmare

John W. Moore III wrote:
> http://www.ncs-tech.org/?p=1146
>
> Earlier I received an 'Invitation' from "Billy" to subscribe to Grouply
> because of 'Our Mutual Interest in PGP-Basics'.  Hmm.....  Uh Huh.....
>
> The Link at the top of this page is just one of several I discovered
> when plugging "Grouply" into a Search Engine.
Anyway, I don't see any scenario where such a site would truly /need/ to
have its members' credentials for Yahoo! Groups or anything else stored
on its servers to provide its service.
-- 
Key ID: 0xF88E034060A78FCB
Fingerprint: 4A84 CAE2 A0D3 2AEB 71F6  07FD F88E 0340 60A7 8FCB
Windows NT 6.0.6001.18145 | GPG 1.4.9 | Thunderbird 2.0.0.19 | Enigmail 0.95.7


Faramir | 12 Feb 2009 16:32

Re: Interesting Concept/Security Nightmare


  Hello John!

John W. Moore III wrote:
> http://www.ncs-tech.org/?p=1146
> 
> Earlier I received an 'Invitation' from "Billy" to subscribe to Grouply
> because of 'Our Mutual Interest in PGP-Basics'.  Hmm.....  Uh Huh.....

  I received that invitation too... I have not checked it yet, but
usually I just delete invitations from people I don't know, especially
if the invitation is clearly not a personalized one... It's strange how
people can subscribe to services that ask for their e-mail boxes user
and passwords... and they gladly provide that info!

  Best Regards
