Re: keyring management best practices

["Ahmad Elkhatib" <ahmad.elkhatib () gmail com>]

Full disk encryption with two factor authentication is for sure more than enough for any normal secure use in my 
opinion. 


-Ahmad

-----Original Message-----
From: Marc Evans <marc () softwarehackery com>

Date: Thu, 19 Mar 2009 13:07:31 
To: <funsec () linuxbox org>
Subject: [funsec] keyring management best practices


Hello,

I am looking for opinions of best practices for management of pgp and
ssh keys for laptop users. Specifically, I am provisioning a recently
purchased macbook of mine, which will travel with me to both US and
non-US locations. I am using the OSX encryption features on the laptop,
but don't personally consider that sufficient protection when
considering installing these keyrings on to it.

Options that I have been considering include the following, in order of
my likely choice:

  1) Don't install the keys on the laptop at all. Instead force myself
to use a better secured server.

  2) Use a USB dongle with truecrypt on top of which I would store the
keyrings.

  3) Stop being anal, and put the keys on the laptop, so long as good
password management is used for the laptop.

My question for this distinguished list of people is, what are your
personal practices, and/or do you have suggestions that I should consider?

Thanks in advance - Marc
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.