* Bryan Andersen <[EMAIL PROTECTED]> [2001.11.15 12:51:01-0600]: > Bzzzz... Wrong. > > If you don't trust root, your hosed. Root can change the app so he > has your keys... Root can also change the tty drivers so they are > all silently logged. There is no way to secure it fully unless you > type it in encrypted form. At some point you have to decide you've > done enough and run with it.
word up, i haven't thought that far. well, he won't be able to get the keys if you created them somewhere else (and he surely has access to your private keyring), but he can no problems make a custom gpg that adds his own keypair into the mess to enable him to read. then again, the recipient side would see that. i am not sure if it's possible to modify gpg to allow you to read it without leaving traces... you can, of course, make it mail the stuff clear-text to you (or save it to file) before encryption... -- martin; (greetings from the heart of the sun.) \____ echo mailto: !#^."<*>"|tr "<*> mailto:" [EMAIL PROTECTED] above all, we should not wish to divest our existence of its rich ambiguity. -- nietzsche
pgp4CME4Bj3dI.pgp
Description: PGP signature