Quoting Bob Tanner (tanner at real-time.com): > How will this work under Linux? > > Is the FBI specifically targeting Windows? > > Nice to know terrorists will move to linux now. :-| > So this thing targets your pass-phrase, outside the privacy concern, the approach is very, VERY good. Even long pass-phrases aren't immuned if they are snarf'd at the keyboard. This article makes me double check tripwire installs and rolling our SNARE ASAP. But I digress. What other options do you have for secure email? Can you tie one of the Secure-IT cards from Verisign into GPG (or any tokenizer card)? I'm not sure how the cards work, but if your getting a new token every 30 seconds won't that greatly reduce the keyboard-sniffer attack? You may still have to have a phase-phrase to make GPG work, but could you protect the pass-phrase with a token? -- Minneapolis St. Paul Twin Cities MN | Phone : (952)943-8700 http://www.mn-linux.org Minnesota Linux | Fax : (952)943-8500 Key fingerprint = 6C E9 51 4F D5 3E 4C 66 62 A9 10 E5 35 85 39 D9