[tech] GPG
David Basden
davidb-ucc at rcpt.to
Thu Aug 2 14:04:12 WST 2001
On Mon, Jul 09, 2001 at 08:25:45PM +0800, Grahame Bowland wrote:
> On Mon, Jul 09, 2001 at 06:47:11PM +0800, Anil Sharma wrote:
> > is there anyway of using GPG at ucc without having to trust wheel members
> > not stealing my private key?
>
> No - if you use a passphrase we'll just take it off you!
>
> You can't use GPG usefully on untrusted machines :]
Just to be a pedantic bastard, you can't really use GPG or SSH on
untrusted machines; It's quite possible that the binary has been
compromised to (say) log paraphrases with a couple of lines of code.
Your unlocked private key is also in memory, but thats going to be
a bit less easy to exploit without thinking about it ;-)
David
(Who has probably been spending waaaay too much time thinking about
security lately)
More information about the tech
mailing list