Why trust gpg4win?

Jan takethebus at gmx.de
Fri Sep 13 11:33:44 CEST 2013 

09/12/2013 22:03, NdK wrote:
> You really should define your "security perimeter".

09/13/2013 09:19, NdK wrote:
> I can be "reasonably sure" nobody will hack my machine just to read my
> mail. Obama can be "reasonably sure" that *many* attackers will try.

My "security perimeter" should be "equal" to the maximum of the "security 
perimeters" of my usual communication partners. That is so because with 
their private key they protect my mail and with my private key I protect 
their mail. What is "usual" is not always easy to determine. Lets say I'm 
looking for the maximum of security an average user can achieve with common 
hardware. This user is willing to do some inconvenient things like reboot, 
burn CDs or wait.

Generally I distrust certain hardware like smartcards or HSMs because they 
are main targets for secret services, who have a lot of money. Recently I 
red about this intersting (English/German) article on FBI backdoors in 
openBSB and scmartcards:

http://www.h-online.com/open/news/item/FBI-back-door-in-IPSec-implementation-of-OpenBSD-1153297.html
http://www.heise.de/newsticker/meldung/FBI-Backdoor-in-IPSec-Implementierung-von-OpenBSD-1153180.html

It should be possible to create a rather secure system using "norml 
technoligies" (CDs, offline PCs etc.) which are harder to target by secret 
services. If you manage to have a rather secure file transfer between an 
online and an offline PC, the only security relevant technology you need to 
focus on is gnuPG itself. Some people read the source code to check its 
integrity but are there people who focus on its output? To me this is a very 
important point. I'm not sure how this could be done in practice, but I was 
thinking about someone who knows the theory of RSA etc. and who "manually" 
encrypted a text and would compare that with the output of gnuPG to see 
whether the two results match. Some other approach might be to compare the 
output of several versions of gnuPG, PGP etc.. This way you could check 
whether the information was secretly decrypted with a second "FBI key". This 
is even possible for someone how is no programer. Do you think checking the 
output in that way is useful?

Kind regards,
Jan

More information about the Gnupg-users mailing list