private key protection
faramir.cl at gmail.com
Wed Oct 19 23:09:50 CEST 2011
-----BEGIN PGP SIGNED MESSAGE-----
El 19-10-2011 17:54, Peter Lebbing escribió:
> On 19/10/11 22:43, Faramir wrote:
>> Ok, but if the online computer uses Windows, and the offline one
>> uses Linux, then it would be a multiplataform trojan horse...
>> that is not likely to be a common case.
> Define your threat model... are we talking random trojan infection
> or a focused attacker trying to gain your key? Because in the
> latter case, I hardly think commonality matters.
You are right, I was thinking about random trojan infection (maybe
not 100% random, since a private key stealing trojan would be focused
on OpenPGP users, rather on average users). But if somebody wants MY
private key, then probably there would be an attack involving picking
my lock, infecting my BIOS, or some other 007-like activity. But in
that case, the victim might be involved in some organization that
should develop policies to deal with that risk.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
More information about the Gnupg-users