GPG weakness

Jean-David Beyer jeandavid8 at verizon.net
Thu Jul 25 22:31:14 CEST 2013


On 07/25/2013 08:59 AM, Manu García wrote:
> Are devs taking some measures to make GPG really secure?

I am not an encryption expert, but if I were going to store a lot of
stuff in the cloud, I would not use GPG or any other public (assymetric)
key encryption system. I would use a simpler symmetric key, since no one
other than I would need to know the key.

The scheme outlined in the article is by no means new. It has been known
at least 10 years and probably even more. It is of theoretical interest
only, IMAO.

As for the part of your post shown above, measures to make GPG really
secure from what threats? Because the answer to that question really
matters. I bet they cannot make it secure from my posting my private key
on Facebook, for example, or from some black hat torturing my passphrase
out of me, or from the FBI putting a keylogger on my machine, or even
more easy, from my sending an encrypted e-mail to a friend of mine who
then forwards it unencrypted to someone else.
The developers of GPG cannot do anything to protect against these threats.

-- 
  .~.  Jean-David Beyer          Registered Linux User 85642.
  /V\  PGP-Key:166D840A 0C610C8B Registered Machine  1935521.
 /( )\ Shrewsbury, New Jersey    http://counter.li.org
 ^^-^^ 16:20:01 up 44 days, 18:06, 2 users, load average: 4.22, 4.50, 4.72



More information about the Gnupg-users mailing list