Problems with private keyring?

Werner Koch wk at
Thu Mar 22 14:35:01 CET 2001


I am currently staying in Brazil and have mail access only from time
to time.  I'll enter the plane back today at 22:00 GMT and won't be
ableto anser any mals before Friday late evening.

However, I will look into this issue.  AFAI can tell from the few
mails I could read, it is not much worser than a weak passphrase -
however, it is serious.

An easier way to achieve the goal of faking a signature has always
been possible by replacing the gpg binary by a trojaned one which
sends the passphrase back.

Please dome a favor and don't write private mail unless you have
really important information and in this kind you probably have to
encrypt it.  Use g10 at for _serious_ discussion.



Werner Koch        Omnis enim res, quae dando non deficit, dum habetur
g10 Code           et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions                                        -- Augustinus

More information about the Gnupg-devel mailing list