On Wed, Dec 03, 2003 at 05:52:30PM -0800, Vineet Kumar wrote: > I'm considering keeping my private keys (ssh, gpg, etc) on removable > storage, maybe one of those USB keys (then my keys could actually go on > my keyring...). It's certainly not foolproof, but at least a sniffed > passphrase could only be used against me when the key is inserted, > which at least slightly reduces the possibility of a private key being > compromised.
If the system is rooted, it would be trivial to write a replacement for ssh (GPG, etc.) that copies your private keys onto the hard drive for later retrieval. Definition of "trivial" is: I, a bad programmer, could do it. -- Carl Fink [EMAIL PROTECTED] Jabootu's Minister of Proofreading http://www.jabootu.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
