At 12:25 am -0800 12/19/96, Bill Stewart wrote:
Several articles on the PGP-users mailing list have discussed keystroke snarfers that unexpectedly grab and save keystrokes, including passwords, severely weakening any benefits from encryption. [elided]

From: patm@connix.com (Pat McCotter)
Which is why, every once in a while, I do a search of my entire disk [...] with Norton DiskEditor. [elided]
Be careful - PGP goes to a lot of effort to overwrite your passphrase when it's done using it; Norton or grep or other disk-crawlers are unlikely to do so, because that sort of paranoia's not part of their job [elided]
Indeed, and any malignant passphrase-snarfer is probably going to anticipate this counter-attack and scramble the text stream it saves invisibly so that disk sector searches will be unlikely to pop up your passphrase. We definitely need to build better defenses against this sort of thing.

dave
________________________________________________________________________
Dave Del Torto                              +1.415.524.6231 tel
Manager, Strategic Technical Evangelism     +1.415.631.0599 fax
Pretty Good Privacy, Inc.                   http://www.pgp.com  web
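A search routine that cleans up after itself, in the sense discussed in the messages above, is sketched here as an added example; it is not code from PGP, Norton, or any poster in this thread. The function names, the 4096-byte chunk size, and the sample passphrase are assumptions made for illustration, and the temporary file stands in for the disk being searched.

```c
#include <stdio.h>
#include <string.h>

/* Zero a buffer through a volatile pointer so the stores are not optimised away. */
static void wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Count occurrences of needle in stream f. The last nlen-1 bytes of each
 * chunk are carried over so a match straddling a chunk boundary is found. */
static long count_in_stream(FILE *f, const unsigned char *needle, size_t nlen) {
    unsigned char buf[4096];
    size_t keep = 0, got;
    long hits = 0;
    if (nlen == 0 || nlen > sizeof buf / 2) return -1;
    while ((got = fread(buf + keep, 1, sizeof buf - keep, f)) > 0) {
        size_t len = keep + got;
        for (size_t i = 0; i + nlen <= len; i++)
            if (memcmp(buf + i, needle, nlen) == 0) hits++;
        keep = len < nlen - 1 ? len : nlen - 1;
        memmove(buf, buf + len - keep, keep);
    }
    wipe(buf, sizeof buf);   /* data read from disk may include the passphrase */
    return hits;
}

/* Search, then wipe the caller's passphrase buffer whatever the result. */
long search_and_wipe(FILE *f, char *pass, size_t cap) {
    long hits = count_in_stream(f, (const unsigned char *)pass, strlen(pass));
    wipe(pass, cap);
    return hits;
}

int main(void) {
    char pass[32] = "constructed-pass";   /* constructed sample, not a real secret */
    FILE *f = tmpfile();                   /* stands in for the disk being searched */
    if (!f) return 1;
    for (int i = 0; i < 4090; i++) fputc('A', f);
    fputs("constructed-pass", f);          /* straddles the 4096-byte chunk boundary */
    rewind(f);
    printf("hits: %ld\n", search_and_wipe(f, pass, sizeof pass));
    fclose(f);
    return 0;
}
```

This wipes only the buffers the program itself owns; copies held in stdio's internal buffer, the OS cache, or swap are outside its control, and a log that has been scrambled before saving will not match a plaintext search at all.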