njsubedi | 3 years ago

I do. Most probably they do too, but since any running apps can access the user’s private keys, the whole security depends on the strength of the passphrase that can be brute forced offline?

jeroenhd|3 years ago

Passphrases protect against silent key exfiltration. Make them long enough (six or seven words these days, I think?) and they won't be cracked in your lifetime unless the quantum people figure their stuff out or you become a vampire.

If you're trying to protect against running programs, you also need to protect against key loggers. Using hardware-backed keys and systems like Windows Hello for validation can help with that, as their UI is not easily interceptable.

In the end, there's no perfect way to protect your keys if you have a virus running on your computer.

mr_mitm|3 years ago

Don't run apps you don't trust outside of a container. If there is malware on your system, your SSH keys are only one of your many troubles.

the_af|3 years ago

What are apps you do trust?