Dear JP,

Note:  if you have an effective keystroke logger installed on
someone's computer ............  here's a newsflash ...  YOU
DO NOT NEED TO DO ANYTHING LIKE BOTHER BREAKING THEIR ENCRYPTION!!!

You haven't thought it through. Yes, with a keystroke logger one can read everything the subject types. But, with a keystroke logger and their purloined private keyring, any messages encrypted to their public key by anyone else in the world can also be read, without having keystroke loggers on all those machines.

Saying "oh, well, everyone knows security method X is no good
because it is vulnerable to keystroke loggers" is just a sort
of non-comment. EVERYTHING is rendered useless if you have a
keystroke logger, or -- say -- a camera in the room watching
everything the person types.

Everything on that compromised machine, yes. And, with the PGP password from that keystroke logger and the private keyring, everything that person receives encrypted on any machine is compromised, along with everything sent by anyone who courteously encrypts to his key.

Moreover, once one has the PGP password and keyring, one does
not need to bother with the huge files involved in a keystroke
log.  Keep in mind that analysis is always the area where spy
stuff falls apart.  Much better to simply grab the messages
the subject bothers to encrypt - since these are certainly
the interesting stuff.

Given the ready availability of solutions like SRK and
your own application of drop down lists, I'm sort of
pissed that PGP still pretends that a typed password is
adequate security.  Aren't you?

Regards,

Jim



Use e-gold's Secure Randomized Keyboard (SRK) when accessing your e-gold account(s) via the web and shopping cart interfaces to help thwart keystroke loggers and common viruses.
