Following a link on system security shared by Putu Arya Sabda Wijaya, I arrived at the PGP Key Policy page of Daniel Fox Franke, a staff member at Akamai. His explanation of how he handles digital security keys is worth emulating; I have copied the main part here from https://dfranke.us/pgp-key-policy.html

* * *

Key security policy

My primary key (i.e., my certifying key which signs uids and subkeys) is an offline key, stored only on a thumb-drive kept in a safe. The passphrase on the key consists of 20 random characters chosen from among the 96 printable ASCII characters, and uses an s2k-count of 65011712 (the largest value supported by GnuPG). When I need to use this key, I boot a Tails live system on a laptop with no network connection, copying the needed public keys to and from another system via a USB thumb-drive. The primary key does not expire. I will revoke it if I have a specific reason to believe that it has been compromised.

My encryption subkeys are stored only alongside the primary key and on a laptop which, although it does have access to the internet, runs an extraordinarily-hardened system and is used for very limited purposes, thus minimizing the likelihood of compromise. My encryption subkeys naturally expire after one year, but I will revoke them any time I learn of a situation which could have led to their compromise – e.g., learning of a remotely-exploitable vulnerability on my system – even if there is no indication that such a compromise actually occurred. Given the lengths I have gone to minimize my system’s surface for exploitation, I hope this will be a relatively rare event.

My (data-)signing subkeys may be stored on any system to which I am the only one with legitimate root access. This includes systems in my workplace cubicle; such systems utilize full-disk encryption and screensaver locks, but they are vulnerable to hardware keyloggers and cold-boot attacks perpetrated by coworkers and anyone else who is able to get into my office building. My signing subkeys naturally expire after one year. I will revoke them any time I learn of a situation which could have led to remote compromise, even if there is no indication that such a compromise actually occurred; or if I have specific reason to believe that a physical compromise occurred. Since my signing subkeys are stored on some systems that employ only ordinary levels of caution to prevent remote exploitation, they may be revoked rather often as new vulnerabilities are discovered.
Posted on: Sun, 28 Sep 2014 00:02:30 +0000
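
The s2k-count of 65011712 quoted in the policy is the top of the one-octet coded count that OpenPGP (RFC 4880, section 3.7.1.3) defines for iterated and salted S2K. The following is an added example, not part of the original post or of Franke's page: it decodes and encodes that octet and estimates passphrase entropy from the figures the policy states. The function names are illustrative.

```python
import math

EXPBIAS = 6  # constant from RFC 4880, section 3.7.1.3


def decode_s2k_count(coded: int) -> int:
    """Expand the one-octet coded count into the number of octets hashed."""
    if not 0 <= coded <= 255:
        raise ValueError("coded count must fit in one octet")
    # Low nibble is a 4-bit mantissa, high nibble a 4-bit exponent.
    return (16 + (coded & 15)) << ((coded >> 4) + EXPBIAS)


def encode_s2k_count(requested: int) -> int:
    """Smallest coded octet whose decoded count is >= requested.

    Not every integer is representable, so a request is rounded up to the
    next encodable value; anything above the maximum is clamped to 255.
    """
    for coded in range(256):
        if decode_s2k_count(coded) >= requested:
            return coded
    return 255


def passphrase_bits(length: int, alphabet_size: int) -> float:
    """Entropy in bits of a uniformly random passphrase."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    # Figures taken from the policy text: 20 characters, alphabet of 96,
    # s2k-count 65011712.
    policy_count = 65011712
    coded = encode_s2k_count(policy_count)
    print(f"coded octet for {policy_count}: 0x{coded:02X}")
    print(f"largest encodable count: {decode_s2k_count(0xFF)}")
    print(f"smallest encodable count: {decode_s2k_count(0x00)}")
    print(f"passphrase entropy: {passphrase_bits(20, 96):.1f} bits")
```

The count is the number of octets fed to the hash per passphrase guess, so the maximum setting raises the cost of each offline guess against a stolen copy of the key file, while the passphrase entropy sets how many guesses are needed.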