Re: PGP scripting...
From: Valdis.Kletnieks@vt.edu
Date: 01/07/03
To: Andrew MacKenzie <andy@edespot.com>
Date: Tue, 07 Jan 2003 15:19:24 -0500

On Tue, 07 Jan 2003 12:02:13 EST, Andrew MacKenzie <andy@edespot.com> said:
> My question therefore is: is all this worth the trouble? In order to use
> PGP with scripts (or even Java code), the scripts need access to both the
> private key and pass phrase (which are stored locally in files). If the
> system were compromised would any of this help?

Simple answer: "GAME OVER".

Detailed answer: If the system is compromised, they have all the data they
need to get all the data. The only way to "fix" this is to have a "pgp daemon"
that needs to be started by hand so you can give it the passphrase.
The disadvantage is that if the system reboots, you can't easily/reliably
restart it from a /etc/rc.* script....

Also, remember that if the system is compromised, you can probably get a lot
of cool info via a 'strings /dev/kmem' or similar....

--
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech
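
The "daemon started by hand" design described in the message above, as an added example that is not part of the original post: the passphrase is typed once at startup and lives only in process memory, and scripts request signatures over a mode-0600 Unix socket. Assumptions: HMAC-SHA256 over a PBKDF2-derived key stands in for real PGP signing, the peer check uses Linux `SO_PEERCRED`, and all names (`derive_key`, `serve`, `request_signature`, `/tmp/signer.sock`) are hypothetical.

```python
import getpass, hashlib, hmac, os, socket, struct, threading

SALT = b"constructed-salt"  # constructed value for this example

def derive_key(passphrase: str) -> bytes:
    # Stand-in for unlocking a PGP secret key: the result exists only in memory.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), SALT, 200_000)

def serve(sock_path, key, ready, max_requests=None):
    """Answer signing requests on a Unix socket until max_requests is reached."""
    if os.path.exists(sock_path):
        os.unlink(sock_path)
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    old_umask = os.umask(0o177)          # socket file is created mode 0600
    try:
        srv.bind(sock_path)
    finally:
        os.umask(old_umask)
    srv.listen(4)
    ready.set()
    handled = 0
    while max_requests is None or handled < max_requests:
        conn, _ = srv.accept()
        with conn:
            # Linux-only: ask the kernel who is on the other end (pid, uid, gid).
            raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED,
                                  struct.calcsize("3i"))
            _pid, uid, _gid = struct.unpack("3i", raw)
            if uid != os.getuid():
                continue                 # refuse other local users
            data = b""
            while chunk := conn.recv(4096):
                data += chunk
            conn.sendall(hmac.new(key, data, hashlib.sha256).hexdigest().encode())
        handled += 1
    srv.close()
    os.unlink(sock_path)

def request_signature(sock_path: str, message: bytes) -> str:
    """What the unattended script calls; it never sees the key or passphrase."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as c:
        c.connect(sock_path)
        c.sendall(message)
        c.shutdown(socket.SHUT_WR)       # signal end of message
        return c.recv(128).decode()

if __name__ == "__main__":
    # Started by hand: the passphrase is typed at a terminal, never stored on disk.
    key = derive_key(getpass.getpass("Signing passphrase: "))
    serve("/tmp/signer.sock", key, threading.Event())
```

This keeps the passphrase off the disk, but the trade-offs named in the message still apply: the key sits in the memory of a running process, and after a reboot someone has to start the daemon by hand again.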