Best way to deal with chance of lost private key on Handheld? - PGP

This is a discussion on Best way to deal with chance of lost private key on Handheld? - PGP ; What is the best way to deal with the potential for theft/loss of a palmtop containing a private PGP key? For example, I am considering creating a separate key pair for use on my Palm. However, it is kind of ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: Best way to deal with chance of lost private key on Handheld?

  1. Best way to deal with chance of lost private key on Handheld?

    What is the best way to deal with the potential for theft/loss of a palmtop
    containing a private PGP key? For example, I am considering creating a
    separate key pair for use on my Palm. However, it is kind of a pain to deal
    with two separate keys since I like to access my data on both my Palm and my
    PC. I know I can keep a copy of the key on both devices but am curious if
    there is some better alternative that might not require the use of two
    separate private keys while still maintaining the usefulness of the PGP
    systems and without requiring the creation of a new private key if the Palm
    is stolen/lost with the private key onboard.

    I am considering adding PGP to my Palm but am concerned about the potential
    loss of the my private key.

    Thanks!
    Chip



  2. Re: Best way to deal with chance of lost private key on Handheld?

    "Chip G" wrote in message
    news:y2_Sa.102839$wk6.27359@rwcrnsc52.ops.asp.att. net...
    > What is the best way to deal with the potential for theft/loss of a

    palmtop
    > containing a private PGP key? For example, I am considering creating a
    > separate key pair for use on my Palm. However, it is kind of a pain to

    deal
    > with two separate keys since I like to access my data on both my Palm and

    my
    > PC. I know I can keep a copy of the key on both devices but am curious if
    > there is some better alternative that might not require the use of two
    > separate private keys while still maintaining the usefulness of the PGP
    > systems and without requiring the creation of a new private key if the

    Palm
    > is stolen/lost with the private key onboard.
    >
    > I am considering adding PGP to my Palm but am concerned about the

    potential
    > loss of the my private key.
    >
    > Thanks!
    > Chip


    Use a very secure password. Then even if someone steals your palmtop,
    security isn't damaged. Do a google search for 'diceware'. A 10 word
    diceware passphrase, without any fancy capitalisation/extra symbols, etc.,
    is better than the 128 bit encryption for most of the symmetric encryption,
    and is equivalent to being more secure than a 2048 bit private/public DH/DSS
    keypair. And it's dead easy to remember. (Well, relatively)



  3. Re: Best way to deal with chance of lost private key on Handheld?

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Get whatever removable storage media palm supports and
    attach one to your car keys or something.

    Share split the key so there are 3 parts and you need any
    two to get the key.

    Keep one part on the palm, one on the storage media and one
    on the desktop.
    That way you can use 1 key for everyting (no seperate pair)
    but if any one thing is stolen you can still get to your
    key and the theif cannot.

    This and a secure (and preferably different) passphrase on
    each part of the share split key will make the key secure
    enough for you (assuming you don't encrypt top secret
    intelegence reports for a major government)

    | What is the best way to deal with the potential for
    | theft/loss of a palmtop containing a private PGP key? For
    | example, I am considering creating a separate key pair
    | for use on my Palm. However, it is kind of a pain to deal
    | with two separate keys since I like to access my data on
    | both my Palm and my PC. I know I can keep a copy of the
    | key on both devices but am curious if there is some
    | better alternative that might not require the use of two
    | separate private keys while still maintaining the
    | usefulness of the PGP systems and without requiring the
    | creation of a new private key if the Palm is stolen/lost
    | with the private key onboard.
    |
    | I am considering adding PGP to my Palm but am concerned
    | about the potential loss of the my private key.
    |
    | Thanks!
    | Chip

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 8.0.2
    Comment: My Key: 6ACE DC2C 4C5A 9911 96F3 DDEB C7EC A953 ADE5 0951

    iQIVAwUBPx10cLYahGTApomxAQIuExAAwFIoNIbpyRhnsvIOoK 3LtkjH7ub5SgOk
    MZ/1rCE2TwQ2VEnsFJA/EiZybmZDD65jQNYzs1ytMfvUFr5fBlCgXDT+RtvYrzBW
    RtKvyGpUgZISRFAzwVFSvcB/7yMms8nm7iF1NQoKnHXAZsFAoKsGaDp4rgeI3D2w
    w1a1Ojum5F7Y7rUXbwcFFY44wHvUBG9bofbUMHJ0zYZ8xo3wU3 93IlxGQ4HuPokw
    wOIa9su6KIFTjNnkSifZ4T4CSXi8MVFVKfu1kBLc9tq7GXsgEg 3hcj1iL9fCsrVa
    nG2zYVDXBFct9cyrlIqAUODC5byVxyfaC2BbGeeaqTRe+YXhe8 Nrhn7O2TsvDeje
    q+C4SBoaLQk9xVeRwmH6rfcxiXEINjJ/xA8Az6jR6PtOxPodaPbc+cYDzLtnD9QX
    pj4wxixW0rDQH1m3yjpe33YrCrR7nhj247Hs8y1XazkgTm6ibE hrmuYTVN6V47M3
    RN8c/ak+kz2mkGd4EJmrKB9/5+mAwgjptRnOWALNG/OsheIGIB6cSAQHYQmN3/Cb
    wCftX7aJLBmMEjZkd1kDzBmRv2bOLqBOlHTmsyk+/VQHVWDdnL/ZEyzQ0KFpJcT4
    wwZ+cnMAdTFhfEB8SOVylvUUF7I2HfCp29oJzDjB8E0SttTzee ibInWxPp2R7cdZ
    QG/HCaAYrLQ=
    =ohR6
    -----END PGP SIGNATURE-----




+ Reply to Thread