"Chip G" wrote in message
news:y2_Sa.102839$wk6.27359@rwcrnsc52.ops.asp.att. net...
> What is the best way to deal with the potential for theft/loss of a
palmtop
> containing a private PGP key? For example, I am considering creating a
> separate key pair for use on my Palm. However, it is kind of a pain to
deal
> with two separate keys since I like to access my data on both my Palm and
my
> PC. I know I can keep a copy of the key on both devices but am curious if
> there is some better alternative that might not require the use of two
> separate private keys while still maintaining the usefulness of the PGP
> systems and without requiring the creation of a new private key if the
Palm
> is stolen/lost with the private key onboard.
>
> I am considering adding PGP to my Palm but am concerned about the
potential
> loss of the my private key.
>
> Thanks!
> Chip

Use a very secure password. Then even if someone steals your palmtop,
security isn't damaged. Do a google search for 'diceware'. A 10 word
diceware passphrase, without any fancy capitalisation/extra symbols, etc.,
is better than the 128 bit encryption for most of the symmetric encryption,
and is equivalent to being more secure than a 2048 bit private/public DH/DSS
keypair. And it's dead easy to remember. (Well, relatively)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Get whatever removable storage media palm supports and
attach one to your car keys or something.

Share split the key so there are 3 parts and you need any
two to get the key.

Keep one part on the palm, one on the storage media and one
on the desktop.
That way you can use 1 key for everyting (no seperate pair)
but if any one thing is stolen you can still get to your
key and the theif cannot.

This and a secure (and preferably different) passphrase on
each part of the share split key will make the key secure
enough for you (assuming you don't encrypt top secret
intelegence reports for a major government)

| What is the best way to deal with the potential for
| theft/loss of a palmtop containing a private PGP key? For
| example, I am considering creating a separate key pair
| for use on my Palm. However, it is kind of a pain to deal
| with two separate keys since I like to access my data on
| both my Palm and my PC. I know I can keep a copy of the
| key on both devices but am curious if there is some
| better alternative that might not require the use of two
| separate private keys while still maintaining the
| usefulness of the PGP systems and without requiring the
| creation of a new private key if the Palm is stolen/lost
| with the private key onboard.
|
| I am considering adding PGP to my Palm but am concerned
| about the potential loss of the my private key.
|
| Thanks!
| Chip

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2
Comment: My Key: 6ACE DC2C 4C5A 9911 96F3 DDEB C7EC A953 ADE5 0951

iQIVAwUBPx10cLYahGTApomxAQIuExAAwFIoNIbpyRhnsvIOoK 3LtkjH7ub5SgOk
MZ/1rCE2TwQ2VEnsFJA/EiZybmZDD65jQNYzs1ytMfvUFr5fBlCgXDT+RtvYrzBW
RtKvyGpUgZISRFAzwVFSvcB/7yMms8nm7iF1NQoKnHXAZsFAoKsGaDp4rgeI3D2w
w1a1Ojum5F7Y7rUXbwcFFY44wHvUBG9bofbUMHJ0zYZ8xo3wU3 93IlxGQ4HuPokw
wOIa9su6KIFTjNnkSifZ4T4CSXi8MVFVKfu1kBLc9tq7GXsgEg 3hcj1iL9fCsrVa
nG2zYVDXBFct9cyrlIqAUODC5byVxyfaC2BbGeeaqTRe+YXhe8 Nrhn7O2TsvDeje
q+C4SBoaLQk9xVeRwmH6rfcxiXEINjJ/xA8Az6jR6PtOxPodaPbc+cYDzLtnD9QX
pj4wxixW0rDQH1m3yjpe33YrCrR7nhj247Hs8y1XazkgTm6ibE hrmuYTVN6V47M3
RN8c/ak+kz2mkGd4EJmrKB9/5+mAwgjptRnOWALNG/OsheIGIB6cSAQHYQmN3/Cb
wCftX7aJLBmMEjZkd1kDzBmRv2bOLqBOlHTmsyk+/VQHVWDdnL/ZEyzQ0KFpJcT4
wwZ+cnMAdTFhfEB8SOVylvUUF7I2HfCp29oJzDjB8E0SttTzee ibInWxPp2R7cdZ
QG/HCaAYrLQ=
=ohR6
-----END PGP SIGNATURE-----