On Tue, 07 Jan 2003 12:02:13 EST, Andrew MacKenzie <andyat_private> said:

> My question therefore is: is all this worth the trouble? In order to use
> PGP with scripts (or even Java code), the scripts need access to both the
> private key and pass phrase (which are stored locally in files). If the
> system were compromised would any of this help?

Simple answer: "GAME OVER".

Detailed answer: If the system is compromised, they have all the data they need to get all the data. The only way to "fix" this is to have a "pgp daemon" that needs to be started by hand so you can give it the passphrase. The disadvantage is that if the system reboots, you can't easily/reliably restart it from a /etc/rc.* script....

Also, remember that if the system is compromised, you can probably get a lot of cool info via a 'strings /dev/kmem' or similar....

--
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech
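
The hand-started daemon described in the reply above, as an added example that is not part of the original post: the passphrase is typed at a terminal, the unlocked key stays in process memory, and local scripts ask for signatures over a Unix socket. Assumptions: an HMAC key derived with PBKDF2 stands in for the PGP private key, and the names `read_passphrase`, `unlock_key`, `serve`, `request_signature` and the socket path are hypothetical.

```python
import getpass, hashlib, hmac, os, socket, sys, threading

class NoOperatorError(RuntimeError):
    """Nobody is at a terminal to type the passphrase."""

def read_passphrase(stream=sys.stdin, prompt=getpass.getpass):
    # A boot-time rc script has no tty, so an unattended restart fails here.
    if not stream.isatty():
        raise NoOperatorError("passphrase must be typed by hand")
    return prompt("Passphrase: ").encode()

def unlock_key(passphrase, salt=b"constructed-demo-salt"):
    # Assumption: stands in for unlocking the PGP private key.
    return hashlib.pbkdf2_hmac("sha256", passphrase, salt, 100_000)

def serve(sock_path, key, max_requests=1):
    # Nothing secret is written to disk; memory of a compromised host is still readable.
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    old = os.umask(0o177)  # socket file is created with mode 0600
    try:
        srv.bind(sock_path)
    finally:
        os.umask(old)
    srv.listen(1)

    def loop():
        for _ in range(max_requests):
            conn, _addr = srv.accept()
            with conn:
                msg = conn.recv(65536)
                tag = hmac.new(key, msg, hashlib.sha256).hexdigest()
                conn.sendall(tag.encode())  # clients get signatures, never the key
        srv.close()
        os.unlink(sock_path)

    worker = threading.Thread(target=loop, daemon=True)
    worker.start()
    return worker

def request_signature(sock_path, message):
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as c:
        c.connect(sock_path)
        c.sendall(message)
        return c.recv(128).decode()

if __name__ == "__main__":
    key = unlock_key(read_passphrase())
    serve("/tmp/signer-demo.sock", key, max_requests=10).join()  # constructed path
```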
This archive was generated by hypermail 2b30 : Tue Jan 07 2003 - 14:28:42 PST