On Wed, 06 Apr 2011 22:38:56 +0200, Romain Bourdy said: > So let's say I store password using PGP for *recovery*, encrypted with my > own keys as sender and recipient , I can recover plaintext passwords > whenever I want to, but is it unsecure ? At that point, the security is exactly equal to the security of the keyring your private key is on (plus whatever security is in the combo of your passphrase and the means used to enter it). If it's on a well-hardened laptop, probably pretty secure. You put the keyring on a multi-user system where you don't trust the root user, you get what you deserve.
Attachment:
pgpZq60DoU24p.pgp
Description: PGP signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/