If I am connected to the Internet via a SLIP/PPP connection and I type my passphrase while being online (for example, in Private Idaho, after getting my mail), could that passphrase be compromised? If so, how would that be done?
There are a number of things that can happen. Basically, if you don't directly control the device/application that is doing the encryption for you, you run the risk of someone intercepting whatever you xmit. For example, if you have a dial up type shell account with your local ISP, and you depend on some UNIX based encryption program to secure your mail (running on the ISP's machine), anyone with root access can tap the tty and watch you enter your passphrase. You're also susceptable (sp?) to someone taping your phone line and looking at you with a packet analyzer. I suppose if you were doing something locally, and someone wanted to be really sneaky, they could embed something like keycopy on your machine (with a virus or something) and get coppied every time you enter a keystroke. I don't suppose it would be all that difficult to get a machine to run a tsr that got kicked off every time you accessed something like, say , PGP....Comments? Shaft! Damn Straigt. shaft@africamail.com