Safe decryption with GnuPG?

Janusz A. Urbanowicz alex at
Thu Feb 14 14:20:53 CET 2008

On Wed, Feb 13, 2008 at 11:41:53AM +0100, Krzysztof Żelechowski wrote:
> Dnia 12-02-2008, Wt o godzinie 11:59 +0100, Anders Breindahl pisze:
> > Hello,
> > 
> > On 200802010958, Krzysztof Żelechowski wrote:
> > > 1. The decrypted information must not make it to any persistent medium 
> > 
> > Use full-disk encryption, as has been stated before. That way, you can
> > be confident that nothing leaks into unencrypted places, since such do
> > not exist in the running system.
> Full disk encryption makes the system unnecessarily slow, 
> especially if applied to swap space.  
> I am seeking an intermediate solution for desktop computers
> where the amount of confidential data is small.  
> The system as a whole should not be affected 
> (unless, of course, it is a dedicated device, 
> but that is another story).

I am under an stron impression that you want the system secure, without
defining a coherent threat model. All the world's encryption and
RAM-keeping won't protect you against TEMPEST.

Sit back, define your threat: spooks? trojans? identity thieves? snoopy
spouse? laptop thieves? You can't be secure against all possible threat.
Decide which one you choose and concentrate on defending against this
particular thread.

JID: alex at
PGP: 0x46399138
od zwracania uwagi na detale są lekarze, adwokaci, programiści i zegarmistrze
 -- Czerski

More information about the Gnupg-users mailing list