17 Dec
2003
17 Dec
'03
11:17 p.m.
Huge Cajones wrote:
Tim's post (although refuted by Marc) raises some serious issues since I suspect that Joe Public has his secret key sitting in c:\pgp\secring.pgp
Isn't it widely known that the secret key is not to be stored in the box, as the PGP manual and security pubs emphasize? Still, it would be good to know if a Netscape snooper could snarf a key while it is being used by PGP to decrypt, that is, whether the hole allows snooping on dynamic ops or just on stored info. Does anyone know if the the hole finders are discussing this on the Net, and if so, where? What are the folks at Netscape saying? Tom, Jeff?