Physical storage of key is the weakest link
Andrew Purshottam
andy at autodesk.com
Fri Jul 1 14:01:09 PDT 1994
Excuse my ignorance of PGP, I am fairly new to using it, and thinking about
its operation and source code. Is not your secret key stored encoded by
the pass phrase, so that if the pass phrase is in your head, the secret
key on disk is useless to an attacker? Of course, while PGP is running,
after you have entered the pass phrase, the secret key is available within
your machine, and could be stolen, and if your OS leaves pagefiles etc.
around, might even be taken after you shut down PGP.
Or am I missing something? Thanks, Andy