/biz/ - Business & Finance

>Repost for visibility
As promised, here is the first weekly opsec discussion. The goal here is awareness, not mastery, in the hope that monerochads can have a well rounded understanding of various opsec concepts and tools that are commonly used in conjunction with XMR. This week is PGP, i will try to keep this short and concise as to not shit up the general.

>What is PgP?
PGP (pretty good privacy) is an encryption standard created in 1991 by Phil Zimmermann, an American Comp sci and cryptographer. PGP provides users with communications encryption and originator verification as well as file and disk partition encryption through the use of compression, hashing, Public Key and symmetrical encryption. While it is often referred to as PGP, what people are typically using is OpenPGP, as PGP is actually owned by Symantec.

>Why PGP?
PGP is the de-facto standard for email security among those in opsec critical circles. By using PGP properly, users can have a degree of certainty that they are maintaining their confidentiality and data integrity within the hostile environment that is the internet. One thing all of us should understand is the motto "not your keys, not your crypto", and this applies to our communications security as well. There are many services that provide encrypted email and chat services, but there is often one underlying problem. You don't hold the keys. If your communications are encrypted, but your private key is stored on some AWS server in god knows where, you are vulnerable to exploit in a similar way that custodial crypto holders are, except you may not just lose your money, but also your life or freedom depending on the severity of your threat model. By using PGP software and securing our own private keys you alone are responsible for your security.

As promised, here is the first weekly opsec discussion. The goal here is awareness, not mastery, in the hope that monerochads can have a well rounded understanding of various opsec concepts and tools that are commonly used in conjunction with XMR. This week is PGP, i will try to keep this short and concise as to not shit up the general.

>What is PgP?
PGP (pretty good privacy) is an encryption standard created in 1991 by Phil Zimmermann, an American Comp sci and cryptographer. PGP provides users with communications encryption and originator verification as well as file and disk partition encryption through the use of compression, hashing, Public Key and symmetrical encryption. While it is often referred to as PGP, what people are typically using is OpenPGP, as PGP is actually owned by Symantec.

>Why PGP?
PGP is the de-facto standard for email security among those in opsec critical circles. By using PGP properly, users can have a degree of certainty that they are maintaining their confidentiality and data integrity within the hostile environment that is the internet. One thing all of us should understand is the motto "not your keys, not your crypto", and this applies to our communications security as well. There are many services that provide encrypted email and chat services, but there is often one underlying problem. You don't hold the keys. If your communications are encrypted, but your private key is stored on some AWS server in god knows where, you are vulnerable to exploit in a similar way that custodial crypto holders are, except you may not just lose your money, but also your life or freedom depending on the severity of your threat model. By using PGP software and securing our own private keys you alone are responsible for your security.