> Alrighty. But doesn't this compromise the layer of security offered by > the passphrase? What's the point having a passphrase at all, if it's so > easy to compromise a private key?
You might as well ask, "what's the point of OpenPGP at all, if it's so easy to Van Eyck your monitor?" Or, "if it's so easy to plant a keylogger?" Or, "if it's so easy for someone to whisk me up off the street into a dark van and play the bongos on my kneecaps until I tell my secrets?" Or… the list goes on and on. OpenPGP assumes the endpoints of the communication are secure. If they're not, there's nothing OpenPGP can do to help you make it secure. If you think this is a problem, then I would observe your microwave oven does a really lousy job of keeping your beer cold. All tools have preconditions: the existence of a precondition doesn't mean the tool is broken. The precondition for a microwave oven is, "the food must need heating." The precondition for OpenPGP is, "the endpoints must be secure."
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
