Useful factoid

Robert J. Hansen rjh at
Thu Oct 13 12:30:31 CEST 2011

On 10/11/2011 05:14 PM, Jean-David Beyer wrote:
> Let us assume you are the bad guy


> Unless you have my encrypted keys, you have to access my computer
> (unless you have already stolen it, in which case there are much
> easier ways to invade the machine), you will have to try logging in
> through the Internet (in the case of my machine), and the first thing
> you will hit is the login program.

Hold on a second there.  You seem to be making some extremely
unwarranted assumptions.

If I want your secret key material, I'm not going to steal your
computer.  I'm going to use an exploit to bypass your login, plant a
Trojaned version of GnuPG, and laugh all the way to the bank.

Modern-day operating systems are frightening -- terrifyingly --
insecure.  A while ago Vint Cerf estimated that about one desktop PC in
five was already pwn3d.  That's a number that keeps me awake at night.

More information about the Gnupg-users mailing list