Do you use GnuPG/PGP?
Submitted by chris on Tue 28 Nov 2006
| No |
   38% | 224 votes |
| Yes - for signing |
11% | 69 votes |
| Yes - for encryption |
9% | 54 votes |
| Yes - for both |
40% | 233 votes |
| Total 580 votes |
<<< What is your favourite cheese?
How long will you wait to install etch when it becomes the stable dist? >>>
Posted by Anonymous (84.160.xx.xx) on Thu 30 Nov 2006 at 12:58
It would have been interesting to know what the voters are signing or encrypting -- mails, binaries or data files.
I use gpg to sign all my mail and source code, encrypt part of my mail, encrypt confidential material on my system. I don't sign binaries (yet).
cb
I use gpg to sign all my mail and source code, encrypt part of my mail, encrypt confidential material on my system. I don't sign binaries (yet).
cb
[ Parent ]
True enough :) I was also wondering what the pgp/gnupg split would be (am betting that since this is debian-admin that it will be heavily on the gnupg side),
Having said that - I decided that the number of choices was getting unwieldy and hard to follow - so I cut back to the basic set :)
For me
sign - most mail
encrypt - parts of mail and some confidential information (mostly membership details for people).
Having said that - I decided that the number of choices was getting unwieldy and hard to follow - so I cut back to the basic set :)
For me
sign - most mail
encrypt - parts of mail and some confidential information (mostly membership details for people).
[ Parent ]
Posted by Steve (62.30.xx.xx) on Thu 30 Nov 2006 at 15:48
[ Send Message | View Steve's Scratchpad | View Weblogs ]
[ Send Message | View Steve's Scratchpad | View Weblogs ]
My copy of mutt is setup to automatically sign all replies I compose which were signed/encrypted to me. Unless I hit "p f" by reflex.
I tend to sign "most" mails, but I only encrypt things like database dumps, and backup files.
[ Parent ]
Same here.
I sign mail and source code by default and crypt sensitive messages.
No binaries yet.
I sign mail and source code by default and crypt sensitive messages.
No binaries yet.
[ Parent ]
GnuPG yes, PGP no. (100% debian)
Sign & Encrypt: remote backups with duplicity package
Sign: Sometimes use on mailing list posts.
Encrypt: Password files, financial data, state secrets :-P
Greatest Frustration: Even my closest tech-savvy correspondents choose not to encrypt email. Encrypted email should be the standard for private coms, imho.
Sign & Encrypt: remote backups with duplicity package
Sign: Sometimes use on mailing list posts.
Encrypt: Password files, financial data, state secrets :-P
Greatest Frustration: Even my closest tech-savvy correspondents choose not to encrypt email. Encrypted email should be the standard for private coms, imho.
[ Parent ]
Posted by Anonymous (67.95.xx.xx) on Mon 4 Dec 2006 at 20:03
Amen. Encryption is one part of message obfuscation (arguably the most important part, of course), but there's a lot to be said for protecting against traffic analysis. The most basic kind of traffic analysis is to assume "if it's encrypted, it's important/sensitive/damaging/etc". Most people play right into that by only encrypting certain things.
Cryptography is effective regardless, but it's a lot more effective when used pervasively. If you were trying to spy on someone, wouldn't you be pretty happy if all the juicy stuff was easily identified? Wouldn't it be a bigger job if you had to spend the time/resources decrypting _everything_ to even find out where the stuff you were looking for was?
Personally, I think this is one of the (many) things that might improve once MS Outlook loses its dominance. When OpenPGP-aware MUAs can get some traction, and can leverage the flexibility of automatic key downloads from keyservers, that'll help. People will start to see the little padlock icons in their clicky-friendly mailers, and they'll start to expect it in SMTP traffic like they do with HTTP traffic now. Pair that with some decent pop-up help explaining what the different key trust levels are, and automation of the signing/sig-upload process based on that selection, and suddenly the Web of Trust(tm) becomes a real force of nature. :)
Cryptography is effective regardless, but it's a lot more effective when used pervasively. If you were trying to spy on someone, wouldn't you be pretty happy if all the juicy stuff was easily identified? Wouldn't it be a bigger job if you had to spend the time/resources decrypting _everything_ to even find out where the stuff you were looking for was?
Personally, I think this is one of the (many) things that might improve once MS Outlook loses its dominance. When OpenPGP-aware MUAs can get some traction, and can leverage the flexibility of automatic key downloads from keyservers, that'll help. People will start to see the little padlock icons in their clicky-friendly mailers, and they'll start to expect it in SMTP traffic like they do with HTTP traffic now. Pair that with some decent pop-up help explaining what the different key trust levels are, and automation of the signing/sig-upload process based on that selection, and suddenly the Web of Trust(tm) becomes a real force of nature. :)
[ Parent ]