My wife's machine is Vista. Rest of our house is Linux or BSD. To remove Windows from my house, I'd have to pull a Smith & Wesson on my wife, which I've decided is a bad idea

You missed one important part from my post:

I'm divorced. She still uses windoze last I heard. Of course, my ex is not real bright either. She would have lost her data if it was not for me. Nasty blue screen thing when you cut it on. Put drive in my rig and copy it all over then reinstall winders. She keeps using the same windoze expecting a different result. I keep using Linux and keep getting the same result. Hers keep crashing and mines keeps running.

Love my Gentoo Linux ! ! !

No, I didn't miss that. If your private key is stolen, then signatures can be forged in your name. You are absolutely correct in this and I never said you were not correct here.

What I was saying was that if a key pair are issued in your name to someone else (yay trusting big corporations!), as what happened to Microsoft, then *signatures can be forged in your name* as well. I agree with you about private keys being compromised, but I wanted to point out that there are other ways to "compromise" signatures.

Gentoo is my favored Linux distro. When I use Linux it's always Gentoo.

I've only seen my wife's Vista box BSOD once, and that was because a graphics card overheated and popped a few components off (yikes). As was pointed out to me, in a *nix system that would've simply caused X glitches/crash/etc... but the core system would've been fine. Not so with even Vista (supposed to be more stable, secure, etc...).

Certainly better than Microsoft's older attempts, but still not up to par with Linux or BSD.

However, I like the more user friendly variants. Basically, I normally use Fedora 8 on a laptop. Aside from the occasional lockup once in a while, it works without causing too many problems. It dual boots with Vista. Of course, the laptop is far more lively running Linux.

I have also used SuSE and Simply Mepis with great success.

There is not much difference here. The meaning is the same "someone else has access to your key".

But your knowledge of said key is different. In the case that someone literally steals your private key, you obviously are aware said key exists (even if you're not aware it's been compromised). In the case that someone acquires a key in your name, you may or may not be aware said key even exists...in which case I'd think "your key" would not be applicable even if the attacker can sign documents or packages or e-mails or whatever in your name. Functionally the same, yes, but very different in how the attack took place.

Look, in my opinion: more than one person uses key == potential security problem.

If someone else has a key signed by a CA in my name, that's not more than one person using a key.

Public and private PGP keys are like passwords. They should be changed every so often. One wonders this.

What is the best way to send a file or folder over the net, say through Skype file sharing, that requires a password to open it & has strong encryption? Basically, you give the password over the phone and send the file.

My opinion is not listed as an option for this poll.

If you use public/private keys properly, it's not an issue. Here's how it works... (and by-the-way, this all happens "automagically")

If I want to send a file to you, and only to you, then I would encrypt that file using your public key. Having done so, I cannot decrypt it myself: only you can.

So, how can you know that the file came from me, and that it is actually what I intended to send? Well, within the encrypted parcel you will find a "signature" which consists of a SHA1-based checksum of the original message ... encrypted using my private-key, which (presumably) only I possess. You decrypt the signature using my public-key ... and it works, which means that I must have sent it. Now you compare the decrypted SHA1-hash and find that yes, it does match the decrypted message. So you conclude that the message has not been altered.

So, there is no need for a "shared secret." I don't have to call you up on some other channel (the phone...) and "tell you a secret." Even though we'll never meet, I know that only you can read my message, and you know that only I could have sent it ... and that what you received is exactly what I intended to send.

Any e-mail system or file-transfer worth its salt can accomplish this transparently.

P.S.: So, is there any "password in this picture?" Why, yes there is. If I'm smart, then I will password-protect my private key... subjecting the stored copy of the key to a (symmetric...) encryption so that I must enter a password to decrypt and thereby obtain it.

So, if my private-key is stolen, someone will have to hold a revolver to my head or to my loved one's head in order to get it from me. (And I will very quickly oblige...!)

Also, I will maintain several private-keys, basically "one per channel," if I am engaging in a lot of different types of communication, and I will impose drop-dead dates upon each key. If I intend for a particular key to be used only in a particular situation (say, "with a particular web-site"), I will embed these parameters into the key's metadata so that my recipients and their software can validate it ... and raise an alarm as-needed). All of these principles improve, not so much the security but rather the integrity of my communications.

I will use, and trust, industry-standard peer-reviewed frameworks (such as SSLv2, GPG, and so-on) instead of "rolling my own." These frameworks not-only use encryption standards that are known to be "good for civilian purposes," but embed them in management-protocols that are known to be "good for above-civilian purposes." All for free.

We can do all that but we can't nuder the spammers !!!! I'll be so glad when someone comes up with a way to stop the spam cold or dead or whatever term you want to use.

I'm sure the people that make spam filters won't like that but I will.

It's been some time since I've logged into Linux forum although I've been trying out various Live CDs such as DSL, Mandriva, PCLinuxOS, Puppy and Ubuntu and Mint along the way, the latter two which I downloaded and burned to CD then installed them in a Windows partition.

Finally, only 6 days ago, I decided on Debian 5.0 which I downloaded, burned and installed permanently on my PC, removing Windows XP in the process.

For months, I had been wanting to replace my copy of Windows XP with a suitable Linux OS and Debian more than fitted the bill. This OS works out of the box and all that is required is a bit of tinkering here and there. For example, Adobe Flash wouldn't install for me, but the people on Debian forum supplied me with a number of solutions, some involving codes to be inserted into the root terminal. One of them obviously worked and I now have first class playback quality on video channels such as YouTube and Google.

Most difficulties are non-major and can be solved as you go along. Presently, I'm seeking advice on how to get my scroll wheel to work. Again, this isn't a major issue and I know it'll be solved in the near future.