--LyciRD1jyfeSSjG0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Sep 04, 2003 at 12:52:37PM +0200, Rob Kaper wrote: > On Thu, Sep 04, 2003 at 12:11:13PM +0200, Martijn Klingens wrote: > > If root doesn't have the key it is always capable to retrieve it in a s= ystem=20 > > that's in use. Encryption only helps against systems that are not and c= annot=20 > > be trojaned. >=20 > True, but that's no argument not to encrypt, or not to secure. Yes. As I said on IRC, I could get shot in the head while walking down the stree= t. I don't spend my life in a bombproof vest, however; I just try to avoid walki= ng down dark alleys in dodgy parts of the city at 4am when I'm too drunk to de= fend myself. Encryption makes life a hell of a lot harder for attackers; not impossible,= just harder. It's like MD5 passwords: do you (not you, Capsi; a more inclusive "= you") store all your passwords as crypt, or plaintext, simply because you could d= efeat MD5 if you really felt like it? I think most of this thread has missed the point; yes, you *could* defeat KWallet's security if you really wanted to. However, you could also get my = GnuPG passphrase by attaching electrodes to my testicles; that's not a good argum= ent for me to put my unpassworded private key on a public location, though. This is about relative security, and whether the merits outweigh the negati= ves, not about whether backups could be potentially be cracked. Do the merits outweigh the negatives? --=20 Daniel Stone http://www.debian.org - http://www.kde.org - http://www.freedesktop.org "Configurability is always the best choice when it's pretty simple to imple= ment" -- Havoc Pennington, gnome-list --LyciRD1jyfeSSjG0 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iEYEARECAAYFAj9XJDkACgkQcPClnTztfv1YgQCeLpV7qzzPZvxuZfAGVQPfMNqm Z7QAmwRPnR/VRrBCly6dITvaoHbWeac3 =eY0j -----END PGP SIGNATURE----- --LyciRD1jyfeSSjG0--