On Tue, 7 Jan 2003, Andrew MacKenzie wrote: > <..> > I would have prefered to use a PGP library (Java code), but was unable to > find any within the timeframe. I guess you've missed the Cryptix OpenPGP. http://www.cryptix.org/products/cryptix31/index.html > My question therefore is: is all this worth the trouble? In order to use > PGP with scripts (or even Java code), the scripts need access to both the > private key and pass phrase (which are stored locally in files). If the > system were compromised would any of this help? IMHO, this is somewhat similar to the "security through obscurity" question. Attacker wouldn't be able to access the data at once, it should waste some additional time on decompiling your code, finding the algorithm, etc. Such an implementation would be more worth, if you keep the data at untrusted location. m.
This archive was generated by hypermail 2b30 : Tue Jan 07 2003 - 14:48:51 PST