More secure than smartcard or cryptostick against remote attacks?

Robert J. Hansen rjh at
Fri Feb 8 04:14:17 CET 2013

On 02/07/2013 06:42 PM, Faramir wrote:
>   Ah, but there are situations in which that would not work...

Sure.  There are always situations where a particular attack won't work.
 For instance, if there's an ironclad no-exceptions policy that you may
never, ever, fall back to using GnuPG on the PC, then this attack
wouldn't work.  But that quickly reduces to a game of whack-a-mole -- a
game you're not going to win.  The attacker gets to tailor his attack to
your defenses; you don't get to tailor your defense to the attacker.

If you don't trust your hardware, get new hardware that you do trust.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20130207/3ef4babb/attachment.pgp>

More information about the Gnupg-users mailing list