paperkey // ? feature request
Robert J. Hansen
rjh at sixdemonbag.org
Wed Feb 11 01:25:55 CET 2009
Faramir wrote:
> IMHO, the difference is the recipients can send it's public to me by
> some way, and check the fingerprint by telephone...
It's not a disposable session key if the recipients need to contact the
sender afterwards. If you're assuming a high threat environment, you
kind of need to assume the sender got flipped right after sending the
message.
> But how? There is still the chance to buy things with effective, not
> with credit or debit cards, and USB Flash Drives are cheap enough and
> easy to find at stores to make it very hard to trace...
Timothy McVeigh was tracked through his use of a prepaid calling card...
which he paid for with cash.
I don't know how the FBI and ATF did it, but I'm willing to bet they've
already taught an improved version of the technique to the next
generation of agents.
> We are talking about something between 320 and 480 hours of work, the
> info on that CD must have been (or they suspected it to be) of high
> importance...
[shrugs] Not really. Consider the cost-benefit ratio for two common
things: military campaigns and child pornography. Assume lab time costs
$100/hr., which pays the DF's salary and equipment costs. We're
looking at about $50,000 for 500 hours of work.
One soldier being grievously injured on the battlefield can cost the
Army easily $5 million in lifetime medical care. $5 million versus
$50,000 is a 100:1 cost savings.
Consider child porn. How much is it worth to take a child pornographer
off the street before he or she can exploit another kid? $100,000? 2:1
cost savings.
How much is it worth to... etc., etc.
Divorce lawyers are getting into the swing of things, too. I was once
paid to do some data recovery on a hard drive that was an issue in a
lawsuit. The lawyer was laughing all the way to the bank: my fee paid
for itself many, _many_ times over.
More information about the Gnupg-users
mailing list