Why trust gpg4win?
Jan
takethebus at gmx.de
Fri Sep 13 20:54:28 CEST 2013
On 09/13/2013 14:05, NdK wrote:
>What happens if one of your correspondents is willing to undergo the
>whole procedure and he's an FBI agent?
I'd tell him confidential information, but I did not intend to protect
myself against such a threat by means of GnuPG.
> If you want to
> certify that your security perimeter is secure, you first have to
> accurately define where it is and the threat model. And even then you
> can only certify it's secure against the attacks you could think of.
That is a good point. On this list I learned about the existence of some
vectors I did not even think of. Thank you for that information. Is there a
book on threat models which lists widely known attack vectors?

OK, so I'll try to define two threat models.
The setup:
Assume there is a Windows PC connected to the internet (online PC) and a
USB device with Debian on it where the network drives are uninstalled
(offline PC). The USB device is only plugged into the machine if Windows is
not running. The Windows PC has a FAT partition. Encrypted emails/files
downloaded with Windows are stored there. After reboot the FAT partition is
mounted with Debian and the emails/files are decrypted. The reverse
procedure (answer to the email) runs analogously. Only simple file formats
are accepted.
Threat models:
1. There might be a Trojan on the Windows machine.
2. There might be a Trojan on the Windows machine and someone might steal
the USB device from my apartment.

I don't care about hardware key loggers, TEMPEST, cold boot attacks or
cameras installed in my apartment. In the second threat model the USB device
would have an encrypted root partition. Another scenario is that instead of
the USB device there is a real offline PC and file transfer between the two
machines happens only via CD-RW or multisession CD-R.
Kind regards,
Jan
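
Added example, not part of the message above: one way the offline Debian side could enforce "only simple file formats are accepted" on the FAT transfer partition before and after decryption. The policy (only a single ASCII-armored PGP message in, only plain text out), the size limit and all function names are assumptions.

```python
import os

ARMOR_BEGIN = b"-----BEGIN PGP MESSAGE-----"
ARMOR_END = b"-----END PGP MESSAGE-----"
MAX_SIZE = 1024 * 1024  # assumed upper bound for a mail-sized file


def is_armored_pgp(data: bytes) -> bool:
    """True if data is exactly one ASCII-armored PGP message and nothing else."""
    text = data.strip()
    if not (text.startswith(ARMOR_BEGIN) and text.endswith(ARMOR_END)):
        return False
    if text.count(ARMOR_BEGIN) != 1 or text.count(ARMOR_END) != 1:
        return False
    # Armor is 7-bit ASCII: printable characters plus CR, LF and TAB only.
    return all(32 <= b < 127 or b in b"\r\n\t" for b in text)


def is_plain_text(data: bytes) -> bool:
    """Check for decrypted output: valid UTF-8, no control characters
    other than newline, carriage return and tab."""
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError:
        return False
    return all(ch in "\n\r\t" or ch.isprintable() for ch in text)


def scan_transfer_dir(path: str) -> dict:
    """Classify every entry of the mounted transfer partition as
    'accept' or 'reject' before anything is handed to the decryption step."""
    verdicts = {}
    for name in sorted(os.listdir(path)):
        full = os.path.join(path, name)
        # Directories, links and special files are rejected without being read.
        if os.path.islink(full) or not os.path.isfile(full):
            verdicts[name] = "reject"
            continue
        if os.path.getsize(full) > MAX_SIZE:
            verdicts[name] = "reject"
            continue
        with open(full, "rb") as fh:
            data = fh.read()
        verdicts[name] = "accept" if is_armored_pgp(data) else "reject"
    return verdicts
```

`scan_transfer_dir` would run on the mounted FAT partition before decryption, and `is_plain_text` on each decrypted result before it is opened in any viewer.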