
Re: Physical storage of key is the weakest link



Excuse my ignorance of PGP, I am fairly new to using it, and thinking about
its operation and source code. Is not your secret key stored encoded by
the pass phrase, so that if the pass phrase is in your head, the secret
key on disk is useless to an attacker? Of course, while PGP is running,
after you have entered the pass phrase, the secret key is available within 
your machine, and could be stolen, and if your OS leaves pagefiles etc.
around, might even be taken after you shut down PGP.

Or am I missing something? Thanks, Andy