Implications of using insecure memory

Chris De Young chd at chud.net
Mon Oct 4 23:53:05 CEST 2004


> it's not that gpg isn't secure on windoze; it that *nothing* can be made 
> secure in windoze.
> 
> if you have a need to use pgp, GnuPG is great, but like any application it 
> can't overcome deficiencies in the OS. use what you need to use, but if 
> security (and/or reliability) is non-trivial you'll need to start using 
> *nix or maybe mac-os.

One thing to note in passing is that most of this worry applies to
cases where other people besides you also have access to your windows
box.  If the box itself is physically secure and you're mostly worried
about making sure the data in encrypted before it leaves the box, then
running GnuPG on Windows should be just fine.

Be aware that you still need to be a reasonably attentive Windows
admin though, and protect the box from network-borne compromises; if a
remote user can use a particular exploit to run their own code on your
box without your permission then they can still exploit the probles
discussed in this thread.

It's up to you to decide what the cost of such a compromise might be
compared with the cost of preventing it.  For me, I don't think it's
frankly much of a worry, but that's something you have to decide.

Cheers,
-Chris
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : /pipermail/attachments/20041004/f9075684/attachment.bin


More information about the Gnupg-users mailing list