what is killing PKI?

Landon Hurley ljrhurley at gmail.com
Fri Aug 31 01:37:51 CEST 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

I think Mark actually wrote that originally, in response to my query about what he meant regarding backup. Just in case that was me originally though, that list all breaks down to social engineering and rubber hose cryptanalysis. I'd assume though that the number of people who discuss PKI as pillow talk must be pretty low. Alcohol is a potential security risk I suppose. I've given lectures on worse when drunk. Hypnosis is ridiculous though. Not going to work. As for rbc and remote surveillance, you're done for. All but the last would still require access to the key as well though, assuming they don't have a problem torturing and stealing your laptop.

Landon


- -------- Original Message --------
From: MFPA <expires2012 at rocketmail.com>
Sent: Thu Aug 30 17:43:13 EDT 2012
To: Landon Hurley on GnuPG-Users <gnupg-users at gnupg.org>
Cc: Landon Hurley <ljrhurley at gmail.com>
Subject: Re: what is killing PKI?

Hi


On Thursday 30 August 2012 at 7:34:56 PM, in
<mid:8723caa5-4796-4f49-bbf3-4c933fdcaecb at email.android.com>, Landon
Hurley wrote:


> More to the point:  my passphrase never leaves my
> equipment and isn't recorded anywhere outside my brain.
> You can only get it by getting inside my computer.

Or by using a discrete surveillance camera to watch your key presses.
Or how about social engineering, alcohol, pillow talk, hypnosis,
rubber hose attack, etc.?

- --
Best regards

MFPA                    mailto:expires2012 at rocketmail.com

Dreams come true on this side of the Rainbow too!

- --
Violence is the last refuge of incompetence.
-----BEGIN PGP SIGNATURE-----
Version: APG v1.0.8

iQJBBAEBCgArBQJQP/lPJBxMYW5kb24gSHVybGV5IDxsanJodXJsZXlAZ21haWwu
Y29tPgAKCRA3qYf9H1SVrDvRD/9k6unvLEQi4nDiMGFHiXz9ZxywpucyIKqPCXMG
pyUhq2h515doSjrSulOx4PNlXY2laN599OAUy8WUR2QMffpsU2rh9jRlayRyLz8e
ftIxQiPI2ZTyCBteUoTozgyMDt/2lXv8+ByrSfZJxsJ8z12q2YNTg0+jHWBM3iVN
Ia/LYYV4t6Tgm0JhYMvHpYUoDI/6J57uMSBOpHjmofx73tT1i/DeEvrmimo2E5eb
wUasxIeMtQEb2msPtLlnOKWTczgjwhZ0LGJZmd1ZregLy/zJfm+UGruLZUPak+UE
SsGbq7Gui1kZX2dkjA0RQFxH7bhVSS0gGMP625xclfqxHjQ2QIkpvPCTkek060Xr
meBLri8Ge0S8jV+20Jjc0DKWs6xXUhAkwrCNztHaVtx8VKmi5yIXfueifZh4p9Fg
5et2G8fWOQnw+MAZHhPG4WtjiZd3dxABitniZ5P3JCfvcPI0Lw7zXjkSJDRLuyIU
FiO1/+5joteZMTEPt5F0sSgwiKVdW/As5dsCGPcu0CXJ8AfyxFoikYC3fbuKUcmM
OaMC6br7cdVrEha9yLIt8/5M3uAFXvzhNJ8ONuI12SKTK0EOqtFVTT1nMPt32Apy
GluuMBDAEwQmoZv2A9S1IasFPrhiJk8RKTHrE+YGzRv+WZyyK8ENvcEdFQTvrLB2
IQ8sMg==
=uI/n
-----END PGP SIGNATURE-----




More information about the Gnupg-users mailing list