Some people say longer keys are silly. I think they should be supported by gpg.

Robert J. Hansen rjh at sixdemonbag.org
Tue May 22 18:28:49 CEST 2012


On 5/22/12 11:50 AM, Werner Koch wrote:
> There are a lot of ways to compromise a system, hidden backdoors in
> other systems have already been revealed in the past.

It's worth bringing out Vint Cerf's estimate that between a sixth and a
quarter of all desktop PCs have been completely compromised and are
under the control of botnet operators [1].  That was from five years
ago: the numbers are probably worse today.

And that only covers people targeted randomly!  For those people
unfortunate enough to be targeted for surveillance by an even
semi-competent crew, it's far worse.  Your front door is no obstacle to
someone who's learned how to pick a lock -- or someone smart enough to
look around for a fake plastic rock nearby in which you've placed your
backup key.  I have no doubt whatsoever that a good crew could gain
access, enter, compromise the target's PC and be out of there in under
five minutes without the target ever knowing about it.

So, yes.  If anyone is the target of a serious surveillance campaign
(legal or extralegal, state actors or non-state actors, whatever),
well... you have your work cut out for you defending against that.
GnuPG will not save you, not even with a 16K keypair.


