Caitlin wrote: > 1). My roommate and I share a WinXP box. If I install GnuPG 1.4.5 on > it, would this represent a potential security concern?
We can't answer this question with a 'yes' or a 'no'. Decisions about security are up to you. We can hopefully give you some questions which will help you make your decision, though. 1. Do you trust your roommate? 2. Do you trust Windows XP? If both questions are answered 'yes', then it's very unlikely sharing a Windows XP box with your roommate would present a security concern. But if you don't trust your roommate, or you don't trust Windows XP, then pretty much anything you do on your PC needs to be considered suspect--not just GnuPG. > 2). Would I have to copy and paste encrypted messages received via > email to a disk (for example) then transport them to the machine > mentioned in #1 for decryption? Usually, you run GnuPG on the same machine you receive email on. If you do that, then there are many mail clients that offer excellent GnuPG integration. (Shameless plug: Mozilla Thunderbird, available from http://mozilla.com, has a GnuPG plug-in called Enigmail, available from http://enigmail.mozdev.org. I have had excellent results with this setup.) > 3). If a security issue arises with the version of GnuPG I'm using, > what happens to my keyring, private key, etc. when I upgrade? That depends on what security issue is discovered. If it's a bug in how the keys are generated or stored, then you may have to generate a new pair. If it's a bug elsewhere in GnuPG, then your keyring, public key, private key, configuration file, etc., will be absolutely unchanged. Bugs of the first sort are very rare. To my recollection there's only been one such bug since GnuPG hit 1.0, and it affected only about 1,000 people. > 4). How secure (generally speaking) is installing GnuPG on a flash > drive and using it for all GnuPG related activity? I'm a college > student and security on the campus network is clearly of paramount > importance. You may want to look into something called Portable Thunderbird, which is a Thunderbird + Enigmail installation meant to be run from a flash drive. Without knowing particulars of your environment it's hard to give you simple answers, but I can tell you that many people use Portable Thunderbird in such environments with strong success. However, I'd strongly recommend keeping anti-virus software on your home PC and checking your flash drive for infection whenever you come back home after using a campus PC. University computers tend to be breeding grounds for all sorts of nasty things. _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
