Originally Posted by Martinis at 8
Laptop theft is my other concern. If I have PGP on my own machine, can the e-mails be left encrypted on the laptop? I'm thinking the thieves would need to know the pass phrase in order to read anything that's left encrypted on the machine.
If your private key is on the machine then they just need the passphrase. Your passphrase has to be about 100 characters to provide a high level of security in this situation. For most people, coming up with a relatively random passphrase of this length is going to be difficult. (Generally speaking you want a long passphrase regardless of whether you think your private key will be stolen/intercepted.)
Put your private key on a USB drive and have the drive implanted in your body, with only the plug sticking out. Then you can just plug yourself in as necessary, and if you lose the laptop, your files will still be secure.
Originally Posted by Jimmie76
Although I wouldn't take this as fact, I don't see much reason to doubt it. I believe in theory that it could be done, using/compromising the OS on which the encryption software runs.
The Clinton administration wanted to mandate that all computers had the "Clipper Chip" in them. It would provide an OK level of encryption, except that there was a back door that the government could easily use to decrypt anyone's data. Of course, as any idiot should realize, that "back door" would probably be kept secret for about 10 minutes before it was leaked or someone else figured it out, thus compromising the security of every computer. Fortunately, that terrible idea never got any traction.
Originally Posted by ClueByFour
It's far easier to simply tempest your machine or keylog it to figure your passphrase, though.
Or use a microphone
http://www.freedom-to-tinker.com/?p=893