Security of PGP private keys

David Mandl dmandl at lehman.com
Wed Oct 27 08:52:41 PDT 1993


> From: jrk at sys.uea.ac.uk (Richard Kennaway)
> 
> PGP secret keys are protected by a password.  Yet people have said that one
> should not keep one's secret keyring on an insecure machine.  Why?
> 
> --                                  ____
> Richard Kennaway                  __\_ /    School of Information Systems
> Internet:  jrk at sys.uea.ac.uk      \  X/     University of East Anglia
> uucp:  ...mcsun!ukc!uea-sys!jrk    \/       Norwich NR4 7TJ, U.K.


1. Why take chances?  Once the evil intruder has the file, she can throw
test passwords at it from now till doomsday and might be able to crack it.

2. On shared machines, there are ways for users with the appropriate access
to read your keystrokes (like, for example, when you type in your pass phrase).
Anyone with that access should also be able to grab your secring.pgp with no
problem, and that's that.

   --Dave.





