-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Florian Philipp escribió: > On Fri, 2008-05-09 at 08:21 -0400, Faramir wrote: > >> Well, I am going to carry gpg in my USB flash drive, either using >> portable firefox+FireGPG+some way to put gpg on the drive, or portable >> thunderbird+gpg for portable TB+enigmail. But despite what way I will ... > In addition to a strong passphrase you could use steganographic > software. It doesn't encrypt data but hides it, usually in a picture of > sound file. ... Yes, I was thinking hard about the subject, and I remembered steganography... and in the wikipedia article they have a lot of links to that kind of software. I chose Digital Invisible Ink Toolkit, since it is open source, free, built in java, so it should run anywhere. I already had some portable apps (like portable openoffice.org) in my flash drive, including jre... so it looks very viable to use that. > I think I've heard of USB-sticks or external hard disks with integrated > finger print readers. I don't really trust this kind of hardware but > it's an additional layer of security. I don't trust them too, since I was told it is very likely they can be hacked... at least, laptops protected by fingerprint readers can be hacked. So I would rather use a USB flash drive with built in 256 bits AES... but then, I think it would be the same than just encrypting the keyring with that encryption system, or making a self extracting gpg encrypted file... And if I put that file inside a picture (which supports encryption too...), that probably would be more than enough to keep the data safe... Well, the thing is my keyring is not valuable at all, it has not even been signed by other people... but since I am studying an IT related career, I should do things "the right way" (or learn how to do them "the right way"), before I actually have to use that knowledge... Thanks for your advice, since cryptography is based on "the security is in the key, not in the algorithm" (the info is not hidden, but protected), and steganography is based on hiding the info, I thought maybe talking about steganography at gpg list would be some kind of heresy XD. But if you thought about it too, I feel more confident in it is a good idea to mix both systems. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBAgAGBQJIJcJLAAoJEIISGkVDGUEOi2YH/0XlR6ihYREYfJidwlxInHwd 9dSlIIGyVm6zo4LpMFHD8rK87OEMp5tFtyLBydfmNfLfzN1XZeYbVntUNYAMX/3C R0SqwilVHBlhX20d1I2i5IcYXIse3X/EwGyD0NTGMQMwr5HnjKNxB/CRX1S+ciOa 85tg04Rw1zrjPKZRbca3c97qIh7ix7qFY9dQD3HmWFl1tve2kLTvwx0fx5BaB3Uo xu/Pz5lzbee4t1hyOgBav2JmXYl+Wgq+Nwbki7bruF/AezfG6+VRK5OEhmYz9qyk /z5zQNO+wkuy0oPDQVc0TYeYuzoBBFa0BhbynD+0JjfZh0KpTc+HBVVryb39sQ4= =mx7v -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
