-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 John W. Moore III wrote: > Mica Mijatovic wrote: > > >>>>2. frequency of changing passphrases >>>> - in a user who accesses emails via net cafes (think keyloggers) >> >> >>Also good idea. Let's say after each use via net cafes, as soon as >>possible. Well, would be "ideally". > > > However, keep in mind this: If a keylogger/spyware ensnares one's Key & > operable passphrase, then merely changing the passphrase once you get > home will not eliminate the "intruder" from now having a matching > combination for later use. > > The "best/paranoid" practice would be to have a Key used only on one's > portable/Public PC device coupled with a "codeword" for each > correspondent to be inserted within each missive to confirm authenticity. >
Create a seperate signing and encryption subkeys and export them, disabling the secret part of the primary key when you do so. A good tutorial on this is available at http://fortytwo.ch/gpg/subkeys - -- Alphax | /"\ Encrypted Email Preferred | \ / ASCII Ribbon Campaign OpenPGP key ID: 0xF874C613 | X Against HTML email & vCards http://tinyurl.com/cc9up | / \ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iQEVAwUBQ1HEarMAAH8MeUlWAQgTVgf8CLHColEuJSIq+iweje1t/P1josJ5QoaK fUgTAZkN/mTgNnHiiiRHqxwjU+eKvpwZyuyFntgkE3K0a2IpED+vuXZJ12BOQSfu bKmERwmI3X6SWefndl8yqg7Wl3trX789mEzHVKEJYFDf7M2O+XyiwMiiHx6lXaWE JibeefRXbheks558sKKi4QcmVMKWIItpxB0rBNMm9Rk0NVwK8npdLrVkPVpg9FVZ Y8XGtCY3wyrPCBA5fApybMdw4CW9QY+SO21bVLBayehdx758+kJ98GIyFZGq/h6x RT3UdnaYcY9CJjcBt269NHR+Rg0rPkTjwBRFsXpDXrxJWe1WkfWVTw== =P85/ -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
