From: paul@fatmans.demon.co.uk
Date: Mon, 3 Feb 1997 11:57:30 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Key Security Question
Message-ID: <199702031957.LAA00537@toad.com>
MIME-Version: 1.0
Content-Type: text/plain



> > > On the other hand, if the "repairman" replaced your pgp executable
> > > with version 2.6.3kgb, which uses your hashed passphrase as the
> > > session key, you're hosed.  Or if he installed a keystroke sniffer,
> > > or added a small radio transmitter to your keyboard, or whatever.
> > > Depends on your threat model.  If you need to be paranoid,
> > > they've already gotten you....
> > 
> > If you're really paranoid, you can boot from a clean floppy and
> > reinstall everything from your backup tapes. You do have a
> > contingency plan in case your hard disk goes bad, or gets a
> > virus, don't you? Well, if you're in doubt, exercise it.

Face it, the only solution is to wrap your computer, cat, family, car 
and yourself in aluminium foil and burn your hard disk whilst 
chanting "yamma yamma yamma yaaaaamaa"


  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"