> You generate a new PGP keypair and start using it. Your
> co-worker reboots your machine afterwards and recovers 
> the PRNG state that happens to be stashed on disk. He 
> can then backtrack and potentially recover the exact same
> random numbers that you used for your key.

Said state is rm'med after use. If you didn't detect the breakin,
your fault for poor intrusion detection. lets put the paranoia
to practical use and detect the breakin, not nitpick the systems
that are supposed to be protected.

Mark Murray
Join the anti-SPAM movement: http://www.cauce.org

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message

Reply via email to