geek alert

I had a minor geek spree this week, not entirely successfully

Got a "personal certificate" (X.509 2048 bits) from Thawte - they give personal certs out for free, to sustain a pool of interested customers for their commercial business - quick google suggested they were trustworthy, if anyone knows they're not, let me know.
Anyway, piece of cake to install - use Firefox to signup and download a certificate. Back it up into a .p12 file, then have Mac Mail search for it and import it.
Voila, unbreakable encryption, unless someone has a robust multibit quantum computer, or unless Thawte put a backdoor in their product.
It is on my mac.com e-mail only for now, for recreational use only, of course.
Wouldn't want to complicate life for anyone.

I got spare power supplies for my laptop - been meaning to since I saw a very smart person's setup in Evanston this spring. No more lugging the f'ing Pro Book power supply everywhere - I now have preinstalled ones everywhere, ready to plug in, and spare one pre-packed for travel. My right shoulder thanks you.
Couple of more setup upgrades and I'll finally have things the way I plan to - if you gotta copy, copy from the best.
Took forever to get, been on backorder for weeks, some supply line problem with Apple.
While I was at it, picked up OS X 10.5 "Leopard" - started installation with my desktop.
Not impressed so far - overrode my desktop background, messed up my mail box structure and took forever to install as an upgrade, messed up half a day and cost me some productivity. Configuring the new options is clearly going to cost me another half-day at some point, which is not good during mini-proposal season.

Now I just have to clean my office, or something constructive.


You upgraded to Leopard? Brave Man.

Let me know how Time Machine works out for you.

By Brad Holden (not verified) on 10 Nov 2007

Been thinking about going to Leopard, but don't feel much of a rush. Stories like yours suggest waiting for a few updates might be wise ...

I generally get three power supplies for my laptop: One for home, one for office, one I keep in my suitcase. Ever since I switched to the laptop as my main computer, I've found this to be the most useful way to arrange things.

Not planning any Spitzer proposals, I trust. Their templates warn
not to install Leopard until after you've submitted all your proposals.
They haven't tested the submission software under Leopard...

Ah, I guess I'll be doing any Spitzer off of the laptop.
Was also warned to not update fink or recompile, by a clever postdoc, hadn't even thought about that...
Really wasn't paying attention, eh, thing'd been out for days and I hadn't heard any howls in the intertubes

Thawte can't put a backdoor (in the usual sense) into a certificate, there's no executable code there. The most plausible thing Thawte could do is to issue a certificate to someone else, say "Stein Sigurdsson" with the email address "steinly@mac.com"; that person could then pretend to be you. (I think it was VeriSign, who now own Thawte, who issued a certificate to some guy in the name of "Microsoft Corporation" (with an extra space).)

If this worries you, you should probably also worry about your SSH connections, since they have no kind of certificate authority involved; all it can do is give you an alarming message if a host suddenly changes its public key (because this might be a sign that it's actually not the host you thought you were logging in to).

PGP has a solution of sorts to this problem: you generate all your keys yourself, and you trust that a key belongs to who it says it belongs to only if it's signed by someone you've met and trust, or (optionally) someone at another remove or two.
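The SSH behaviour described in the comment above (no certificate authority, only a warning when a host's public key changes), sketched as an added example that is not part of the original comment. The host name `host.example` and the key bytes are constructed; the fingerprint format is the SHA256 one OpenSSH prints.

```python
import base64
import hashlib
import struct


def fingerprint(pubkey_line: str) -> str:
    """OpenSSH-style SHA256 fingerprint of a 'type base64-blob [comment]' line."""
    blob = base64.b64decode(pubkey_line.split()[1], validate=True)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def check_host(pins: dict, host: str, pubkey_line: str) -> str:
    """Trust-on-first-use: pin an unseen host, flag any later key change."""
    fp = fingerprint(pubkey_line)
    pinned = pins.get(host)
    if pinned is None:
        pins[host] = fp  # first contact: nothing vouches for this key
        return "new"
    return "match" if pinned == fp else "changed"


def constructed_key(seed: bytes) -> str:
    """Build a syntactically valid ssh-ed25519 line from constructed bytes."""
    raw = hashlib.sha256(seed).digest()  # 32 bytes standing in for a real key
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw)) + raw
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed"


def demo() -> list:
    """First contact, a repeat visit, then the same host with a different key."""
    pins = {}
    return [
        check_host(pins, "host.example", constructed_key(b"original")),
        check_host(pins, "host.example", constructed_key(b"original")),
        check_host(pins, "host.example", constructed_key(b"replaced")),
    ]


if __name__ == "__main__":
    print(demo())
```

The "new" result is the weak point the comment is getting at: on first contact the key is accepted on faith, and only later changes are detectable.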

well, I used to have PGP implemented, but it got detached at some point during platform migration

there is a way Thawte could put a backdoor into a certificate, they could generate the key from a much narrower bitspace than its nominal size - so inverting the keys would be trivial to some third party who knew what the restricted key space was, but effectively impossible for any other third party

that is what I would do if I were evil and had a reason to subvert such a system

there are separate concerns with SSH and encrypted traffic - at one level spoofing is a concern, and if you trust a false key identity then you may hand over decryptable content to the wrong recipient
the other issue is sniffing - in which you assume that any encrypted traffic can be intercepted but only the right recipient can decrypt because the key is robust
if the key is flawed, then a third party who knows the structure of the flaw can encrypt any intercepted traffic

I did that once with my old old notebook. Had a power supply in each office and one at home to save weight. Then I packed up for a week's peace and quiet in my cabin in the woods over Christmas, planning on getting some serious work done, and of course left the power supply behind.

FedEx and DHL don't really service the woods efficiently. I checked by phone in all towns within a 2 hour driving radius - no power supply for me. I got a neighbor with a key to my place to ship me mine from home, it took 5 (five) days with my power supply seeing more major cities than I can do in that amount of time (according to the package tracker). Since there was no one to unload packages on Christmas Eve they literally stored the packages in airplane bellies.

I used the last of the power supply to download the most important stuff to a USB stick and then camped out at a nearby (as in "less than an hour's drive") Internet cafe.

Now I always carry my power cords with me, at least until they come up with a universal power supply (and plugs!!) that will service my mobile phone/PDA/laptop/hair curler/electric toothbrush/iPod/games console. Of course, wireless electricity supply will do as well, but I have this vague remembrance of physics past that tells me that this will not soon be an option.

By WiseWoman (not verified) on 13 Nov 2007