1994-07-01 - Re: Physical storage of key is the weakest link

Header Data

From: Andrew Purshottam <andy@autodesk.com>
To: tcmay@netcom.com (Timothy C. May)
Message Hash: 5b0836151d19a24b0ee93365151a0834d327a62efcf9c9748950a68548dc6050
Message ID: <199407012057.NAA24090@meefun.autodesk.com>
Reply To: <199407012037.NAA17138@netcom11.netcom.com>
UTC Datetime: 1994-07-01 21:01:09 UTC
Raw Date: Fri, 1 Jul 94 14:01:09 PDT

Raw message

From: Andrew Purshottam <andy@autodesk.com>
Date: Fri, 1 Jul 94 14:01:09 PDT
To: tcmay@netcom.com (Timothy C. May)
Subject: Re: Physical storage of key is the weakest link
In-Reply-To: <199407012037.NAA17138@netcom11.netcom.com>
Message-ID: <199407012057.NAA24090@meefun.autodesk.com>
MIME-Version: 1.0
Content-Type: text/plain


Excuse my ignorance of PGP, I am fairly new to using it, and thinking about
its operation and source code. Is not your secret key stored encoded by
the pass phrase, so that if the pass phrase is in your head, the secret
key on disk is useless to an attacker? Of course, while PGP is running,
after you have entered the pass phrase, the secret key is available within 
your machine, and could be stolen, and if your OS leaves pagefiles etc
around, might even be taken after you shut down PGP.

Or am I missing something? Thanks, Andy
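
Added example, not part of the original message and not PGP's code, cipher or key-ring format: a minimal sketch of the idea asked about above, where the key file on disk is only usable with the pass phrase and the decrypted key exists in memory only while in use. The function names, the PBKDF2 parameters and the HMAC-based keystream (a standard-library stand-in for a real cipher) are assumptions made for illustration.

```python
import hashlib, hmac, os

def _kdf(passphrase: bytes, salt: bytes) -> bytes:
    # 64 bytes of key material: first half encrypts, second half authenticates.
    return hashlib.pbkdf2_hmac("sha256", passphrase, salt, 200_000, dklen=64)

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode, standing in for a real cipher (assumption).
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def wrap(secret: bytes, passphrase: bytes) -> bytes:
    """Return the blob that would be stored on disk: salt | nonce | ct | tag."""
    salt, nonce = os.urandom(16), os.urandom(16)
    k = _kdf(passphrase, salt)
    ct = bytes(a ^ b for a, b in zip(secret, _keystream(k[:32], nonce, len(secret))))
    tag = hmac.new(k[32:], salt + nonce + ct, hashlib.sha256).digest()
    return salt + nonce + ct + tag

def unwrap(blob: bytes, passphrase: bytes) -> bytearray:
    """Recover the secret into a mutable buffer; fail closed on a bad pass phrase."""
    if len(blob) < 64:
        raise ValueError("key file too short")
    salt, nonce, ct, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    k = _kdf(passphrase, salt)
    expect = hmac.new(k[32:], salt + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("wrong pass phrase or corrupted key file")
    return bytearray(a ^ b for a, b in zip(ct, _keystream(k[:32], nonce, len(ct))))

def wipe(buf: bytearray) -> None:
    # Best effort only: overwrites this buffer, not copies the runtime made,
    # and not pages already written to swap (native code would lock the pages).
    for i in range(len(buf)):
        buf[i] = 0

if __name__ == "__main__":
    secret = b"constructed secret key material"   # constructed sample input
    blob = wrap(secret, b"pass phrase kept in your head")
    key = unwrap(blob, b"pass phrase kept in your head")
    try:
        print("in memory while in use:", bytes(key) == secret)
    finally:
        wipe(key)                                  # shorten the exposure window
```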




