[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] Re: pgp passphrase
- To: "mailinglist full-disclosure" <full-disclosure@xxxxxxxxxxxxxxxx>
- Subject: Re: [Full-Disclosure] Re: pgp passphrase
- From: Caraciola <caraciola@xxxxxxx>
- Date: Tue, 23 Mar 2004 19:23:45 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
...
> And if I 0wn your box, do you not think that my keylogger can get your
> passcode? Good grief! If the box is hacked, I can get any information I
> need from you to screw you up further. Passcodes or anything else you have
> *or* type are trivial to obtain once I have root on the box.
>
> I'm a bit surprised that I have to point this out.
>
> Paul Schmehl (pauls@xxxxxxxxxxxx)
...
One measure to enhance security would be externel storage of keys, on a smart
card like in secure internet banking where an external reader has to have a
keypad, so a pass doesn't travel anywhere on the computer ... with banking
there are only numbers as pass, but the principle seems sound enough.
Caraciola
- --
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQFAYIC+ANzMondHN+cRAmAuAKCKUVGLo5mbizClnaeKYGJKUt/v3wCgjK7L
tp2pKEqsgON7jBmOm5B9cpc=
=gFLY
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html