How secure is GnuPG
Janusz A. Urbanowicz
alex@FUCKUP.fantastyka.net
Thu Jul 25 11:18:57 2002
-- Start of PGP signed section.
> From: Johan Wevers [mailto:johanw@vulcan.xs4all.nl]
> >Yes, don't use windows, and if you have to, certainly
> >don't use IE and outlook and outlook express.
>
> Keyboard sniffing is possible on Linux and just about any OS if
> it is compromised at root. Linux machines and client applications
There is an excellent article on it in today's Phrack.
But there is a way to avoid passphrase logging with keylogger. The solution
was used in Tinfoil Hat Linux (and it was the only interesting thing in it).
It works like that - for every letter off passphrase, there is a random
table of characters displayed and user enters coordinates of appropriate
letter. Since new table is generated every time, keyloggers are defeated.
But, it is very inconvenient.
Alex