PGP DISK - PGP

This is a discussion on PGP DISK - PGP ; Hi Can anyone advice me regarding creating a PGP DISK ? Which would be safer a simple PGP DISK protected by a LONG passphrase or a PGP DISK protected by a pgp key and this key kept on a smart-card ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: PGP DISK

  1. PGP DISK

    Hi

    Can anyone advice me regarding creating a PGP DISK ?
    Which would be safer a simple PGP DISK protected by a LONG passphrase or a
    PGP DISK protected by a pgp key and this key kept on a smart-card ?

    Any reply adviced will be greatly appreciated

    Thank you
    Nick



  2. Re: PGP DISK

    On Thu, 30 Sep 2004, "noone" wrote:
    >Hi
    >
    >Can anyone advice me regarding creating a PGP DISK ?
    >Which would be safer a simple PGP DISK protected by a LONG passphrase or a
    >PGP DISK protected by a pgp key and this key kept on a smart-card ?


    Yourt question is impossible to answer.

    All other things being equal, they're identically safe. No known flaws
    exist in either method. The question you need to ask is which "key" is
    safer for YOU. And only you can honestly answer that question because only
    you know all the details of your lifestyle that may lead to a compromised
    smart-card or pass phrase.

    There is one thing that might give the key/smart-card scenario an inherent
    advantage though. If I'm not mistaken, a PGP disk encrypted to a key also
    requires that the key's pass phrase be entered. If that's he case, a
    suitable key with a good pass phrase would seem to be more secure by
    reqiring that both be compromised.


  3. Re: PGP DISK

    Sir Spamsalot wrote in
    news:200410010623.i916NQYK031265@marco.aarg.net:


    > There is one thing that might give the key/smart-card scenario an
    > inherent advantage though. If I'm not mistaken, a PGP disk encrypted
    > to a key also requires that the key's pass phrase be entered. If
    > that's he case, a suitable key with a good pass phrase would seem to
    > be more secure by reqiring that both be compromised.


    Unless smart cards have changed since I looked at them, PGP private keys
    are stored unencrypted on them, and protected by only PIN or password
    access to the card itself. An attacker may be able to physically open the
    smart card and remove the non-encrypted private card.

    --
    Tom McCune
    My PGP Page & FAQ: http://www.McCune.cc/PGP.htm

+ Reply to Thread