[4165] in cryptography@c2.net mail archive
Re: PGP compromised on Windows 9x?
daemon@ATHENA.MIT.EDU (Alan Olsen)
Mon Feb 8 16:02:55 1999
From: "Alan Olsen" <alano@adams.pcx.ncd.com>
Date: Mon, 8 Feb 1999 10:27:17 -0800
In-Reply-To: Harald Hanche-Olsen <hanche@math.ntnu.no>
"Re: PGP compromised on Windows 9x?" (Feb 4, 6:50pm)
To: Harald Hanche-Olsen <hanche@math.ntnu.no>, cryptography@c2.net
On Feb 4, 6:50pm, Harald Hanche-Olsen wrote:
> Subject: Re: PGP compromised on Windows 9x?
> As is pointed out in the referenced article, this macro virus only
> steals the (encrypted) private keyring, and hence private keys are
> still safe unless the attacker can break the encryption. Which he can
> easily do with a dictionary search, if the user has been overly
> simplistic in her choice of pass phrase.
What is also compromised is the relationships between your true name and any
nyms that you use. Unless you encrypt your keyring (which makes using most PGP
tolls difficult to use), all of your nyms are viewable to anyone who can snag
your keyring. No passphrase is needed.
This may not be a problem to most users, but to those who use multiple keys,
this can be a serious problem. (Just ask Toto...)
--
Alan Olsen "Carpe Aptenodytes!"
alano@ncd.com
