From: hfinney@shell.portal.com (Hal Finney)
Date: Thu, 18 Nov 93 13:31:36 PST
To: cypherpunks@toad.com
Subject: RE: hohocon
Message-ID: <9311182129.AA19727@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


> From: Timothy Newsham <newsham@wiliki.eng.hawaii.edu>
> 
> hmm.. looks like the ideal for someone to test out a dos virus that
> looks for the PGP passphrase and for secret key rings and tries to
> "get out alive" with them.
> 
>                             Tim N.
> 
> Coders start your engines.
> 

Don't type your PGP passphrase on a PC owned by someone else!  You
don't have to use your passphrase to exchange keys.  Keys can be
extracted, added, etc. without the passphrase being entered.

I don't see any way a virus could be spread via PGP key exchange.  At
best (worst) a virus could somehow attach itself to the PGP key file
but it would be just passive data.  It wouldn't do anything.

Hal