How secure is GnuPG

Janusz A. Urbanowicz
Thu Jul 25 11:18:57 2002

-- Start of PGP signed section.
> From: Johan Wevers []
> >Yes, don't use windows, and if you have to, certainly
> >don't use IE and outlook and outlook express.
> Keyboard sniffing is possible on Linux and just about any OS if
> it is compromised at root. Linux machines and client applications

There is an excellent article on it in today's Phrack.

But there is a way to avoid passphrase logging with keylogger. The solution
was used in Tinfoil Hat Linux (and it was the only interesting thing in it).
It works like that - for every letter off passphrase, there is a random
table of characters displayed and user enters coordinates of appropriate
letter. Since new table is generated every time, keyloggers are defeated.
But, it is very inconvenient.