[tech] GPG
David Basden
davidb-ucc at rcpt.to
Thu Aug 2 15:16:26 WST 2001
On Thu, Aug 02, 2001 at 02:59:35PM +0800, Grahame Bowland wrote:
> > > You can't use GPG usefully on untrusted machines :]
> >
> > Just to be a pedantic bastard, you can't really use GPG or SSH on
> > untrusted machines; it's quite possible that the binary has been
> > compromised to (say) log passphrases with a couple of lines of code.
>
> That's exactly my point. What I do is to not trust UCC at all, and just
> give it my public SSH key. When I ssh in to UCC there's just some
> exchange of information to confirm that I really do have the private key
> to match that public key - the passphrase isn't sent to UCC at all.
Arrrg. Sorry. Read 'can't' as 'can'. I think I need more sleep.
Oh, and they can probably compromise your private key on a case-by-case
basis if you're using agent forwarding through untrusted hosts. Using
Mikolaj's agent works around this.
David