Problems with private keyring?
wk at gnupg.org
Thu Mar 22 14:35:01 CET 2001
I am currently staying in Brazil and have mail access only from time
to time. I'll enter the plane back today at 22:00 GMT and won't be
ableto anser any mals before Friday late evening.
However, I will look into this issue. AFAI can tell from the few
mails I could read, it is not much worser than a weak passphrase -
however, it is serious.
An easier way to achieve the goal of faking a signature has always
been possible by replacing the gpg binary by a trojaned one which
sends the passphrase back.
Please dome a favor and don't write private mail unless you have
really important information and in this kind you probably have to
encrypt it. Use g10 at gnupg.org for _serious_ discussion.
Werner Koch Omnis enim res, quae dando non deficit, dum habetur
g10 Code et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions -- Augustinus
More information about the Gnupg-devel