From: "Steven T. Cramer" <[EMAIL PROTECTED]> > > And if they do get your private key, what will they be able > > to do with it? Without also having your password, it's useless, no? > > No it is not useless. They can use it to unencrypted and message > encrypted with his public key. > > The could load that key on there PGP or many a other application and > decrypt it. > > Patrick is right. The password should protect the key at all times IMO. > > Steve
True: the exported private key is just plain-old-text and completely usable. Another theory that a friend of mine pointed out was that if someone can log into your computer, all bets are off anyway. The only problem with that theory is this: what is the point of ever encrypting a file on your own computer? If someone can log into the computer, they can export the private key and therefore decrypt every file on the computer. I suppose the encryption helps with security over a local network, but that's about it. Once someone can log into your computer, all bets are off. If that happens, your PGP password provides NO additional security. -- Patrick --- You are currently subscribed to e-gold-list as: [email protected] To unsubscribe send a blank email to [EMAIL PROTECTED] Use e-gold's Secure Randomized Keyboard (SRK) when accessing your e-gold account(s) via the web and shopping cart interfaces to help thwart keystroke loggers and common viruses.
