17 Dec
2003
11:17 p.m.
Excuse my ignorance of PGP, I am fairly new to using it, and thinking about its operation and source code. Is not your secret key stored encoded by the pass phrase, so that if the pass phrase is in your head, the secret key on disk is useless to an attacker? Of course, while PGP is running, after you have entered the pass phrase, the secret key is available within your machine, and could be stolen, and if your OS leaves pagefiles etc. around, might even be taken after you shut down PGP. Or am I missing something?

Thanks,
Andy