USER SECURITY
=============

1) When the user wishes to send a message to another entity, the user
   /must/ obtain that entities /authentic/ public-key. The best way to do
   this is in person. The worst way to do this is the method most commonly
   used, and that is sending public-keys over an insecure network: the
   internet ! Sending a public-key over the internet allows an adversary
   (most likely a computer) to perform a Man-In-The-Middle attack, whereby
   the adversary snatches the key in transit and replaces it.

2) CRT (Cathode Ray Tube) surveillance. Some people may not be aware
   of the fact that with the necessary surveillance equipment, it is
   possible to remotely view someones computer monitor screen. This
   is due to the fact that a CRT monitor is essentially a very good
   radio transmitter. The best way to counter this threat is to use
   an LCD screen, preferably with additional shielding (look up
   "shielding" and "Faraday cage" in an electronics dictionary).
     Remember that CRT surveillance completely bypasses any security
   provided by this cryptosystem. However, using the cion_encrypt(1)
   program with the -m option defeats CRT surveillance in this instance,
   since the message you enter is not echoed back to your screen.

3) Never use this software over a network remote-login, even if it is
   supposedly "secure", e.g. OpenSSH.

4) Don't use a small or predictable password for encrypting your private-key.
   Don't use a small or predictable password for encrypting your public-keys,
   should you choose to do so. Under no circumstances should these passwords
   be revealed to anyone.

5) When you delete a file on your computers hard-disk, it doesn't
   necessarily mean someone cannot retrieve the file by analysing
   data on your hard-disk. If you want to be certain nobody can salvage
   a "deleted" file, do all your work on a floppy-disk and then format
   the disk after use. Alternatively, the FreeBSD and OpenBSD operating
   systems provide the -P command line option to the rm(1) command which
   overwrites regular files before deleting them.
     However, using the cion_encrypt(1) program with the -m option defeats
   hard-disk analysis in this instance, since this causes your plaintext
   message to be entered directly to the program, thus avoiding the
   hard-disk completely (unless pages of memory are swapped out)

6) Use this software on a computer which only you have physical access to.

7) When using cion_fencrypt(1) and cion_fdecrypt(1) to encrypt/decrypt
   normal files (as opposed to public/private binary keys) always use
   gzip(1) on any file which is not binary data, e.g. ASCII text files
   etc. It is very important that the plaintext data to be encrypted
   is in the full range of binary values, and not some skewed
   representation such as ASCII.
