* Bryan Andersen <bryan@visi.com> [2001.11.15 12:51:01-0600]:
> Bzzzz... Wrong.
>
> If you don't trust root, your hosed. Root can change the app so he
> has your keys... Root can also change the tty drivers so they are
> all silently logged. There is no way to secure it fully unless you
> type it in encrypted form. At some point you have to decide you've
> done enough and run with it.
word up, i haven't thought that far. well, he won't be able to get the
keys if you created them somewhere else (and he surely has access to
your private keyring), but he can no problems make a custom gpg that adds
his own keypair into the mess to enable him to read. then again, the
recipient side would see that. i am not sure if it's possible to
modify gpg to allow you to read it without leaving traces... you can,
of course, make it mail the stuff clear-text to you (or save it to
file) before encryption...
--
martin; (greetings from the heart of the sun.)
\____ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck
above all, we should not wish to divest
our existence of its rich ambiguity.
-- nietzsche
Attachment:
pgp0rgQBT15JV.pgp
Description: PGP signature