>However, PGP is extremely vulnerable to keystroke logging. >Clipboard pasting your PGP password simply shifts the >vulnerability to clipboard logging. And the PGP private >key would seem to be something one could grab off the >user's hard drive over the 'net.
PGP may be vulnerable to keystroke logging in terms of capturing the passphrase; but snagging the private key off of the harddrive is another story. PGP 8.0 running on XP locks the keyring files so you can't even make a copy using the XP file manager. It appears that the only way to copy the keyring is to do it from PGPKeys by setting the backup directory and then exiting the program. In order to exploit the keylogging vulnerability, the cracker would have to have sufficient access to the target's computer to be able to actually run PGP and use the pilfered passphrase to decrypt or sign a message... Some trojans take advantage of a Microsoft "helpful" feature on XP by setting up a "Remote Desktop" connection. It is possible that via a remote desktop connection the PGP program could be run and used to sign/decrypt messages or payment instructions. The amount of work required for a cracker to steal Pecunix is at least an order of magnitude more than it is for e-gold. With PGP-enabled accounts it is probably two orders of magnitude harder. Since all crypto can ultimately be cracked, applied cryptography boils down to making sure that it costs more to crack your keys than the value protected by them. It would seem that Pecunix is quite successful in that regard. It will be interesting to see how Pecunix and others take advantage of the new "PGP Universal." http://goldeconomy.com/ct/t.php?l=144 It would seem strange to have PGP encrypted email that you never see or have to manually decrypt. How would you know if it wasn't working? * --- You are currently subscribed to e-gold-list as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED] Use e-gold's Secure Randomized Keyboard (SRK) when accessing your e-gold account(s) via the web and shopping cart interfaces to help thwart keystroke loggers and common viruses.
