-----BEGIN PGP SIGNED MESSAGE-----
If I am connected to the Internet via a SLIP/PPP connection and I type my passphrase while being online (for example, in Private Idaho, after getting my mail), could that passphrase be compromised? If so, how would that be done?
It certainly _could_ but hopefully isn't. Let's say that Joel McNamara hadn't released the sources to Private Idaho. It's certainly possible that he hooked into the windows created when PI shells out to DOS, and left a snippet of code that mails your keyID and passphrase to some throwaway AOL account, or a nym address that bounces through a dozen remailers, or whatever. Anything you give to a program, especially one that you know accesses the Internet, is a potential security risk. (Special note to Joel, if he's still on this list: Yes, I know better. I've read through all of your released Private Idaho sources. You just seemed like a handy example :) Paranoid yet? Good. That's a healthy state to be in. Fortunately, most developers (like Joel) don't put any such evil hooks into their software. Having access to the source, to be able to read through it yourself, is IMO one of the better ways to be sure about such things. Reading the source and recompiling it yourself is probably the best.
Also, if I am online, is it possible for somebody to access my hard drive?
Depends on what kind of computer and software you're running. I'll assume a Windows-style machine. If we assume that Microsoft didn't leave any lurking backdoors in their implementation of wsock32.dll and winsock.dll, and all you run is your usual Web browser and mail client and you trust _those_ you are probably safe. However, if you're running any server daemons on your machine, such as the MS Personal Web Server or WFTPD or whatever, the possibilities go up _a_lot. Those programs were designed to let others access your hard drive, so there's a much higher chance that they'll let someone get something they're not supposed to. Again, if you trust the people that developed your software to not stab you in the back, you should be alright. Still paranoid? Excellent. dave -----BEGIN PGP SIGNATURE----- Version: 4.5 iQEVAwUBMuxcVHEZTZHwCEpFAQEIKQf8CMV/7NmaJy50DUmiWV8Pg8iYPv8N3Xcl M+Fr0HRO08nxy9uRJ+C+aLhnwmXWYfiXyeSbsy9veHepZfTzsEBIYntlk4wOs7eZ Lk4mjRVI0bLNE60lxmd+8znL0E0QqzVaw5K7t3W0VEe2AMP7aN+ktZGLuIZ8epTg TSQz4u8Q908r+Od/Ojh2BkG13po63ORPu+wKOzMyLeLWgx5Nz252Xot345tHJSJF QqM9SQkDW3AZQgiz+we4qocXE8XQ1VbrMJ+qhTQ6GgsVjpfwJegvOqgIC7hgbpDd gj8lQuEKRqYIPxCqnbh3GbzIQvIwrr4PhvIOuxHX4RPaRacFjrE4iQ== =F/ib -----END PGP SIGNATURE-----