jdbeyer at exit109.com
Mon Sep 5 14:24:45 CEST 2005
-----BEGIN PGP SIGNED MESSAGE-----
Greg Sabino Mullane wrote:
>>>Once a computer or other device that needs secure access is sufficiently
>>>protected, it becomes cheaper for a large government agency to resort to
>>>bribery or torture to get the information it wants. Assuming they do not
>>>wish to try bribery, are you sure you want your machine that safe?
> That's a silly argument. Because they are ways of obtaining your
> passphrase by force, you shouldn't bother using one or take other
> protective measures? Last I heard, the government of Finland was not
> known for torturing its citizens.
I do not say you should not take protective measures. I just say to consider
that if your protective measures are so effective that using force or
torture are cheaper than the alternatives, that you expose yourself to such
measures if your information is actually worth it.
I am glad Finland is such a country. But what if an agency known to employ
torture, or not known do do so but that does, chooses to operate in Finland,
most likely withouth the knowledge or consent of the government of Finland... ?
>>>I assume you are using gnupg for all your correspondence with everyone. If
>>>you encrypt only your sensitive communications, it will be painfully obvious
>>>which of your e-mails to decrypt, saving the black hats a lot of trouble.
> A lot of trouble in what way? Do you know of a black hat agency able to
> decrypt exi[s]ting gpg-encrypted messages?
It is pretty easy once they have the passphrases or private keys. And once a
suitable keylogger is in there, they get them very easily.
I imagine if the NSA really wanted to decrypt a gpg-encrypted message, they
have the resources to do it. It would probably take them a while if they had
to use brute force (and perhaps that is what they would do, again, if they
felt the information was actually worth it). Probably no one on this
newsgroup actually knows how much compute power the NSA has at its disposal.
At one time, the budget of the NSA was about 10x the budget of the CIA (to
the great annoyance, apparently, of the DCI). I imagine a lot of their
budget was spent on computing equipment, general purpose and special purpose.
> The original poster may want to check out "Tinfoil Hat Linux" which has
> some interesting capabilities, including an anti-keylogger measure. A
> laptop or PDA with its own keyboard could be useful as well.
>  http://tinfoilhat.shmoo.com/
.~. Jean-David Beyer Registered Linux User 85642.
/V\ PGP-Key: 9A2FC99A Registered Machine 241939.
/( )\ Shrewsbury, New Jersey http://counter.li.org
^^-^^ 08:15:00 up 82 days, 2:11, 4 users, load average: 5.23, 5.18, 4.91
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the Gnupg-users