Full Disclosure mailing list archives
Re: password.incleartext.com
From: Valdis.Kletnieks () vt edu
Date: Wed, 06 Apr 2011 17:10:17 -0400
On Wed, 06 Apr 2011 22:38:56 +0200, Romain Bourdy said:
So let's say I store password using PGP for *recovery*, encrypted with my own keys as sender and recipient , I can recover plaintext passwords whenever I want to, but is it unsecure ?
At that point, the security is exactly equal to the security of the keyring your private key is on (plus whatever security is in the combo of your passphrase and the means used to enter it). If it's on a well-hardened laptop, probably pretty secure. You put the keyring on a multi-user system where you don't trust the root user, you get what you deserve.
Attachment:
_bin
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: password.incleartext.com, (continued)
- Re: password.incleartext.com Peter Osterberg (Apr 06)
- Re: password.incleartext.com Cal Leeming (Apr 07)
- Re: password.incleartext.com Thor (Hammer of God) (Apr 06)
- Re: password.incleartext.com Peter Osterberg (Apr 07)
- Re: password.incleartext.com Inc Leartext (Apr 07)
- Re: password.incleartext.com Cal Leeming (Apr 07)
- Re: password.incleartext.com Valdis . Kletnieks (Apr 07)
- Re: password.incleartext.com Cal Leeming (Apr 07)
- Message not available
- Re: password.incleartext.com T Biehn (Apr 06)
- Re: password.incleartext.com Romain Bourdy (Apr 06)
- Re: password.incleartext.com Valdis . Kletnieks (Apr 06)