How secure is GnuPG

Ryan Malayter rmalayter@bai.org
Thu Jul 25 00:40:02 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

From: Janusz A. Urbanowicz [mailto:alex@FUCKUP.fantastyka.net]
>But there is a way to avoid passphrase logging with
>keylogger. The solution was used in Tinfoil Hat Linux
>(and it was the only interesting thing in it). It works
>like that - for every letter of passphrase, there is a
>random table of characters displayed and user enters
>coordinates of appropriate letter. Since new table is
>generated every time, keyloggers are defeated. But, it
>is very inconvenient.

But couldn't a skilled root-level attacker that knew about this
approach sniff the keyboard and the screen, allowing the eavesdropper
to reconstruct the password?

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.1.90 (MingW32) - WinPT 0.5.13

iEYEARECAAYFAj0/LOIACgkQ9wZiZHyXot7tzACfVLZMhwxmK8XZ648GShEfhWs8
nCgAnR4NzCdOqMNZLBKMjyefdttnYXxS
=skiB
-----END PGP SIGNATURE-----
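
An added illustration, not part of the original message and not Tinfoil Hat Linux's code: a toy model of the coordinate-entry scheme discussed in this exchange, showing that a keyboard-only log is independent of the letters typed, while a log of both keyboard and screen recovers them. The 6x6 grid, the alphabet, the sample passphrase and all function names are assumptions made for the example.

```python
import secrets
import string

# Assumed alphabet: 26 letters + 10 digits = 36 symbols, shown as a 6x6 table.
ALPHABET = string.ascii_lowercase + string.digits
SIZE = 6


def fresh_grid():
    """Return a newly shuffled 6x6 table; one is generated per character."""
    chars = list(ALPHABET)
    # Fisher-Yates shuffle driven by the OS CSPRNG.
    for i in range(len(chars) - 1, 0, -1):
        j = secrets.randbelow(i + 1)
        chars[i], chars[j] = chars[j], chars[i]
    return [chars[r * SIZE:(r + 1) * SIZE] for r in range(SIZE)]


def enter(passphrase):
    """Simulate entry and return (keyboard_log, screen_log).

    keyboard_log is what a pure keylogger records: (row, col) pairs.
    screen_log is the sequence of tables that were displayed.
    """
    keys, screens = [], []
    for ch in passphrase:
        grid = fresh_grid()
        for r, row in enumerate(grid):
            if ch in row:
                keys.append((r, row.index(ch)))
        screens.append(grid)
    return keys, screens


def candidates_from_keys_only(keys):
    """Each coordinate maps to any symbol with equal probability, so the
    keyboard log alone leaves the full search space untouched."""
    return len(ALPHABET) ** len(keys)


def reconstruct(keys, screens):
    """An observer holding both logs reads each letter straight off the table."""
    return "".join(grid[r][c] for (r, c), grid in zip(keys, screens))


if __name__ == "__main__":
    keys, screens = enter("tinfoil7")  # constructed sample passphrase
    print("keyboard log only:", keys, "->", candidates_from_keys_only(keys), "candidates")
    print("keyboard + screen:", reconstruct(keys, screens))
```

The scheme therefore only narrows the threat model to observers that cannot see the display; on a host where the observer has root, passphrase entry needs a trusted path outside that host.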