| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <200403231924.04050.caraciola@gmx.net> From: caraciola at gmx.net (Caraciola) Subject: Re: pgp passphrase -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ... > And if I 0wn your box, do you not think that my keylogger can get your > passcode? Good grief! If the box is hacked, I can get any information I > need from you to screw you up further. Passcodes or anything else you have > *or* type are trivial to obtain once I have root on the box. > > I'm a bit surprised that I have to point this out. > > Paul Schmehl (pauls@...allas.edu) ... One measure to enhance security would be externel storage of keys, on a smart card like in secure internet banking where an external reader has to have a keypad, so a pass doesn't travel anywhere on the computer ... with banking there are only numbers as pass, but the principle seems sound enough. Caraciola - -- Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQFAYIC+ANzMondHN+cRAmAuAKCKUVGLo5mbizClnaeKYGJKUt/v3wCgjK7L tp2pKEqsgON7jBmOm5B9cpc= =gFLY -----END PGP SIGNATURE-----
Powered by blists - more mailing lists