[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Impact of Netscape kernel hole
Huge Cajones wrote:
>Tim's post (although refuted by Marc) raises some serious issues since I
>suspect that Joe Public has his secret key sitting in c:\pgp\secring.pgp
Isn't it widely known that the secret key is not to be stored in the box, as the
PGP manual and security pubs emphasize?
Still, it would be good to know if a Netscape snooper could snarf a key while
it is being used by PGP to decrypt, that is, whether the hole allows snooping
on dynamic ops or just on stored info.
Does anyone know if the the hole finders are discussing this on the Net, and
if so, where? What are the folks at Netscape saying? Tom, Jeff?