-----BEGIN PGP SIGNED MESSAGE----- A quick question: Has anybody considered the possibility of hacking something into PGP's password protection to allow an S/Key like access? IE, I'm sitting here in FL on a 2400 bps modem, telnetted through Netcom's dialup to hks.net, so I'm not bloody likely to be typing my passphrase in and thus am barred from using PGP (without hideous contortions, that is). My questions: - Has anybody done any work on making an S/Key-like mechanism with the assumption that the machine running PGP is (somewhat) secure? This I'm certain is technically possible. More complex: - Has anybody put any thought into a mechanism based upon one-time passwords for regulating PGP private key use on shared, insecure machines (strength == quality of password, of course)? If people could have a widget very much like the Macintosh S/Key widget on their Mac fom which they could cut-n-paste their one time password, it seems like we'd be one step closer to addressing concerns like Tim's. Just a thought... A GUCAPI would make such a mechanism easier, of course (I haven't abandoned the GUCAPI thought: I'm just gestating). - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBLvOEUSoZzwIn1bdtAQGRSgF8DAt6/1WjmiU3clMy0E+EU4RDmcF0JaGC Y+pNb8dgOzWXEr9b5EyWM0BS4uqw13mK =Xsa9 -----END PGP SIGNATURE-----