Full Disclosure mailing list archives

Re: Re: pgp passphrase
From: Caraciola <caraciola () gmx net>
Date: Tue, 23 Mar 2004 19:23:45 +0100


...
And if I 0wn your box, do you not think that my keylogger can get your 
passcode?  Good grief!  If the box is hacked, I can get any information I 
need from you to screw you up further.  Passcodes or anything else you have 
*or* type are trivial to obtain once I have root on the box.

I'm a bit surprised that I have to point this out.

Paul Schmehl (pauls () utdallas edu)
...

One measure to enhance security would be external storage of keys, on a smart 
card like in secure internet banking where an external reader has to have a 
keypad, so a pass doesn't travel anywhere on the computer ... with banking 
there are only numbers as pass, but the principle seems sound enough.

Caraciola

- -- 
 Full-Disclosure - We believe in it.
 Charter: http://lists.netsys.com/full-disclosure-charter.html