what is killing PKI?
Mark H. Wood
mwood at IUPUI.Edu
Fri Aug 31 15:40:53 CEST 2012
On Thu, Aug 30, 2012 at 10:43:13PM +0100, MFPA wrote:
> On Thursday 30 August 2012 at 7:34:56 PM, in
> <mid:8723caa5-4796-4f49-bbf3-4c933fdcaecb at email.android.com>, Landon
> Hurley wrote:
Actually that's quoting me.
> > More to the point: my passphrase never leaves my
> > equipment and isn't recorded anywhere outside my brain.
> > You can only get it by getting inside my computer.
>
> Or by using a discrete surveillance camera to watch your key presses.
> Or how about social engineering, alcohol, pillow talk, hypnosis,
> rubber hose attack, etc.?
True. But it reduces the attack surface from "me + anybody in the IT
department at ${giant e-tailer} + anybody at the records management
service they use" to "me". I think that's a significant reduction.
--
Mark H. Wood, Lead System Programmer mwood at IUPUI.Edu
Asking whether markets are efficient is like asking whether people are smart.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: </pipermail/attachments/20120831/7c59f7f3/attachment.pgp>
More information about the Gnupg-users
mailing list