Re: [tlug] search for encrypted information exchange

[Curt Sampson <cjs@example.com>]

On 2009-08-27 20:05 +0900 (Thu), Bruno Raoult wrote:

> > So you never leave your laptop in suspend or hibernate mode when you're
> > not present?
> 
> I just repeat: I can loose my laptop with no fear.

How about answering my question.

> I cannot do the same with
> my wallet, with a few credit cards inside...

I don't understand that; credit cards are one of the safest things to
lose. You just phone up the card companies, tell them you lost the
cards, and they send you new ones, the next day if necessary. It's a
minor inconvenience, no more.

> The attacker can get my (encrypted) laptop, right.

Assuming it is encrypted. When the keys are in memory, all of your data
are decrypted. Your laptop remains encrypted only as long as you don't
turn it on.

> Geeks are focusing on laptops/encryption/etc..., while most people
> data is in wallets, phones, am I wrong? This is my case.

Yes, I think you are wrong. There's a big difference between the
opportunity to do identity theft on one person who's aware that someone
else has his ID and other cards, adn the opportuntity to do it on
thousands or tens of thosuands (in the typical publicised laptop theft
scenarios) who have no idea that they're under attack.

> So  SSH/PGP/geek stuff is very far 1) from people who care - like me - and
> 2) from people who do not (they will have no encryption, anyway).

If you think this way, you're probably a lot more vulnerable than you
realize because you don't understand security very well.

> I just wonder who are the target readers of your post:  "dummy geeks"?

No, smart geeks who just don't happen to know about certain attack
vectors, and people like you, in particular, actually.

cjs
-- 
Curt Sampson       <cjs@example.com>        +81 90 7737 2974
           Functional programming in all senses of the word:
                   http://www.starling-software.com