[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
No Subject
>This means that the pass phrase [for the remailer secret key] has to
>exist, in the clear, in the scripts which implement the remailer.
Currently that is the easiest way, to be sure. Another way would be
to store the passphrase encrypted in a file so that at least it's not
findable with strings(1). Here a quick hack for someone who's looking
for a project: a passphrase storage process which accepts requests
from a slightly modified PGP.
Hal's basic point, however is not mitigated. Nothing is secure from a
clever root.
>Perhaps Karl could add a notation in his
>remailer lists about which machines are public and which are private.
An excellent suggestion.
Eric