Re: Czech attack to PGP - keep the kimono closed

At 7:49 PM +0000 3/22/01, Lutz Donnerhacke wrote:

Ack. We should stress that private key files should not reside on shared
media and that OpenPGP ist a transport message format, not a local storage
recommendation. Implementations are free to choose anything else.

Yes, definitely, Lutz. This has been mentioned in a number ofdifferent messages, but this is probably the single most importantpoint, and worth singling it out. Transferring secret key filesmakes them vulnerable to attack. Vlastimil and Rosa have shown aparticular way to attack them.


best,

--

john noerenberg
jwn2(_at_)qualcomm(_dot_)com
  --------------------------------------------------------------------------
  Peace of mind isn't at all superficial, really.  It's the whole thing.
  That which produces it is good maintenance; that which disturbs it
  is poor maintenance.
  -- Zen and the Art of Motorcycle Maintenance, Robert M. Pirsig, 1974
  --------------------------------------------------------------------------

<Prev in Thread]	Current Thread	[Next in Thread>
Re: Czech attack to PGP, hal Re: Czech attack to PGP, Florian Weimer Re: Czech attack to PGP, Lutz Donnerhacke Re: Czech attack to PGP, hal Re: Czech attack to PGP, Florian Weimer Re: Czech attack to PGP, Lutz Donnerhacke Re: Czech attack to PGP - keep the kimono closed, John W Noerenberg II <= Re: Czech attack to PGP, Werner Koch Re: Czech attack to PGP, alphabeta Re: Czech attack to PGP, Lutz Donnerhacke Re: Czech attack to PGP, Florian Weimer Re: Czech attack to PGP, hal Fix the secret key packet, not the S2K, Michael Young Re: Czech attack to PGP, Bill Frantz Re: Czech attack to PGP, Werner Koch Re: Czech attack to PGP, hal Java implementation, Jacques Exelrud

Previous by Date:	Re: Czech attack to PGP, Lutz Donnerhacke
Next by Date:	Question, Taral
Previous by Thread:	Re: Czech attack to PGP, Lutz Donnerhacke
Next by Thread:	Re: Czech attack to PGP, Werner Koch
Indexes:	[Date] [Thread] [Top] [All Lists]