<h1>Email Self-Defense</h1>
<!-- Language list for browsers that do not have JS enabled -->
+ <span style="float: right">v 4.0</span>
<ul id="languages" class="os">
<li><a class="current" href="/en">english</a></li>
<li><a href="/es">espaƱol</a></li>
<dl>
<dt>Strong Passphrases with Diceware</dt>
<dd>Human-made passwords tend to either be very easy to guess, or difficult to memorise and easy to forget. Fortunately, if your privacy is more important to you than an extra 10 to 15 minutes of your time, you can use dice to come up with a password which is both strong and memorable using the 'diceware' method.</dd>
-
+
<dd>To use the diceware method, you will need dice (preferably 5, but 1 will do) and <a href="http://world.std.com/~reinhold/diceware.wordlist.asc">this list of words</a>. Do not substitute computer dice for physical dice. Notice that each word on the word list corresponds to a unique five-digit number. Role one dice five times, or five dice once to select the first word. Don't rearrange or discard words, because doing so makes the process much less secure. Repeat this process until you have at least six words, and there's your password.</dd>
<dt>Command-line key generation</dt>
- <dd>If you prefer using the command line for a higher degree of control, you can follow the documentation from the <a href="http://www.dewinter.com/gnupg_howto/english/GPGMiniHowto-3.html#ss3.1">GnuPG Mini Howto</a> or <a href="https://www.gnupg.org/gph/en/manual/c14.html#AEN25">The GNU Privacy Handbook</a>. Make sure you stick with "RSA and RSA" (the default), because it's newer and more secure than algorithms recommended in the old previously mentioned documentation.</dd>
+ <dd>If you prefer using the command line for a higher degree of control, you can follow the documentation from the <a href="http://www.dewinter.com/gnupg_howto/english/GPGMiniHowto-3.html#ss3.1">GnuPG Mini Howto</a> or <a href="https://www.gnupg.org/gph/en/manual/c14.html#AEN25">The GNU Privacy Handbook</a>. Make sure you stick with "RSA and RSA" (the default), because it's newer and more secure than algorithms recommended in the old previously mentioned documentation.</dd>
<dt>Advanced key pairs</dt>
<dd>When GnuPG creates a new keypair, it compartmentalizes the encryption function from the signing function through <a href="https://wiki.debian.org/Subkeys">subkeys</a>. If you use subkeys carefully, you can keep your GnuPG identity much more secure and recover from a compromised key much more quickly. <a href="https://alexcabal.com/creating-the-perfect-gpg-keypair/">Alex Cabal</a> and <a href="http://keyring.debian.org/creating-key.html">the Debian wiki</a> provide good guides for setting up a secure subkey configuration.</dd>
<p><img src="//static.fsf.org/nosvn/enc-dev0/img/en/screenshots/section5-02-use-it-well.png" alt="Section 5: Use it Well" /></p>
</div><!-- /.sidebar -->
<div class="main">
- <h3><em>Important:</em> Be wary of invalid keys</h3>
+ <h3>Be wary of invalid keys</h3>
<p>GnuPG makes email safer, but it's still important to watch out for invalid keys, which might have fallen into the wrong hands. Email encrypted with invalid keys might be readable by surveillance programs.</p>
<p>In your email program, go back to the second email that Edward sent you. Because Edward encrypted it with your public key, it will have a message from Enigmail at the top, which most likely says "Enigmail: Part of this message encrypted."</p>
<p><b>When using GnuPG, make a habit of glancing at that bar. The program will warn you there if you get an email encrypted with a key that can't be trusted.</b></p>
projects / enc-live.git / commitdiff