Owen Boyle wrote: > Sneaky... But I'm a root-privileged hacker on the web-server, remember. > So all I have to do is make the same request of your "pass-phrase > server" that the web-server makes when it boots then get the pass-phrase > from the reply.
in this case, you can fake also the passphrase question and catch the keystrokes. If you have a root privileged hacker on your machine you are lost anyway! Wolfgang ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]