* Dave Murray ([EMAIL PROTECTED]) wrote:
> BTW, have you PGP/GPG users seen this?:
>   http://cryptome.org/pgp-email-flaw.htm

Yes, and I'm not worried. The exploit requires that:

1. The attacker obtain your secret key.

2. The attacker must replace your secret key in its original location
   with a modified version.

3. The attacker must have access to a message signed with the modified
   version of your secret key.

Conventional wisdom says that once someone gets ahold of your secret
key, you're basically toast anyway. Once someone has your secret key,
the only thing keeping them from breaking the scheme entirely is a
passphrase which can be ruthlessly bruteforced anyway.

Joshua

-- 
Joshua Haberman                                        <[EMAIL PROTECTED]>
University of Puget Sound                                <[EMAIL PROTECTED]>
http://www.reverberate.org                               <[EMAIL PROTECTED]>
