See http://www.i.cz/en/onas/tisk4.html for the official press release. The flaw sounds serious. In a nutshell, a hacker can obtain your private key if he can obtain your private key file and a message signed by your private key. Your private key file contains your encrypted private key, which is decrypted using your passphrase. PGP users believe that the private key file is useless unless you know the passphrase. It turns out that that belief is not true. A technical paper about the flaw will be available at http://www.icz.cz/ (or http://www.icz.cz/en/index.html for non-Czech speakers) on Friday. Page A14 of today's New York Times also has the story. Best regards, Bob <sig name = 'Bob Lyons' title = 'B2B Integration Consultant' company = 'Unidex, Inc.' phone = '+1-732-975-9877' email = '[EMAIL PROTECTED]' url = 'http://www.unidex.com/' product = 'XML Convert: transforms flat files to XML and vice versa' /> ======================================================================= To contact the list owner: mailto:[EMAIL PROTECTED] Archives at http://www.mail-archive.com/edi-l%40listserv.ucop.edu/
