Impact of Netscape kernel hole
John Young
jya at pipeline.com
Fri Jun 13 18:17:29 PDT 1997
Huge Cajones wrote:
>Tim's post (although refuted by Marc) raises some serious issues since I
>suspect that Joe Public has his secret key sitting in c:\pgp\secring.pgp
Isn't it widely known that the secret key is not to be stored in the box, as the
PGP manual and security pubs emphasize?
Still, it would be good to know if a Netscape snooper could snarf a key while
it is being used by PGP to decrypt, that is, whether the hole allows snooping
on dynamic ops or just on stored info.
Does anyone know if the the hole finders are discussing this on the Net, and
if so, where? What are the folks at Netscape saying? Tom, Jeff?
More information about the cypherpunks-legacy
mailing list