How secure is GnuPG

Daniel Carrera dcarrera@math.toronto.edu
Thu Jul 25 02:51:02 2002


On Wed, 24 Jul 2002, David Shaw wrote:

> Sure, but it's a matter of layers of protection.  Each additional
> layer makes it that much difficult to mount a successful attack.

True, true.  You can add another layer of protection by using Tripwire.
I will fire an alarm if anything in pre-defined regions of the file system
changes.  You can add another layer of protection by using POSIX
Capabilities.  Those will limit what kind of thing programs can do.

Even better than either of these is to use SELinux which gives you
mandatory access control (MAC).  A malicious program shouldn't be able to
do anything in theory, even when ran as root, because it needs to be
given permissions to do stuff.

I am not aware of any way to get around MAC.  But there must be one.

Someone mentioned the problem with local security.  You can actually do a
fair bit in that arena.  You can set your CMOS to boot from C only, and
you can put a password on your CMOS.

A skilled attacker with a screwdriver can just pull out the CMOS battery
and put it back in.  The operation only takes a few minutes (I should
know, I had to do this once myself when I FORGOT the CMOS password :-).

Again, this simply reduces the number of people to worry about.

To attain even better security you can encrypt your entire file system.
That way, even if someone steals your hard drive they won't get at your
data.  This slows your system, but a good compromise is to only encrypt
the /home partition.


I am not really that paranoid, but I take confort in knowing that I *can*
attain excellent security if I want.


I think that if you have:

- SELinux.
- Encrypted file system.
- Good passphrases throughout.
- Send all your critical data encrypted.

You have pretty much covered all your bases.
Past this, security/convenience rests on parameters that you can control
(the effect of bugs or malicious software can be controlled by your
"controls").

Then again, as always with security, I have probably missed something.

Daniel.