Safe decryption with GnuPG?

Anders Breindahl skrewz at
Thu Feb 14 22:02:03 CET 2008


On 200802131141, Krzysztof Żelechowski wrote:
> Dnia 12-02-2008, Wt o godzinie 11:59 +0100, Anders Breindahl pisze:
> > Use full-disk encryption, as has been stated before.
> Full disk encryption makes the system unnecessarily slow, especially
> if applied to swap space.  

I'm not under that impression.

Besides, a (pessimistic) 5/2 latency rise/speed decrease of swap is not
much of a loss. If one wanted speed, one would generally have to avoid
swap, anyway, and the major slowdown with swap lies in the mechanics.

> I am seeking an intermediate solution for desktop computers where the
> amount of confidential data is small.

My solution may just be an attempt at doing that. See below.

> > As Robert stated, many of your other requirements are void, if your
> > adversary gains control of your machine.
> Admittedly the protection will never be perfect but I would like it to
> be as good as can be.

Right. But to that purpose, hiding from non-rootkit (?) cracks still
seem like a bad way of using your time. Leave the
assumption-that-the-administrator-doesn't-know-his-stuff work to
Microsoft, and let's assume that the user isn't compromised (or stupid).

> > > Can you direct me to some implementation meeting these
> > > requirements?
> > 
> > I wrote a such script once, that satisfies much of (the serious
> > amongst) your requirements. Email me personally, if you're
> > interested.
> If you are so kind, or just the idea if you do not want it to be
> adapted and published.

It's not at all what you seem to want. But I've refactored a bit and
made it more serious. It's available at:

Regards, skrewz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 827 bytes
Desc: Digital signature
URL: </pipermail/attachments/20080214/7c96da30/attachment.pgp>

More information about the Gnupg-users mailing list