key generation: paranoia mode - explicit random input

Peter Lebbing peter at digitalbrains.com
Wed Feb 26 22:29:46 CET 2014


On 26/02/14 22:08, Hauke Laging wrote:
> How is it going to do that if (a) it's running on an offline system and 
> (b) its output is compared with that of other GnuPG "versions"?

Ultrasound, in combination with a nearby compromised online system with a
microphone, for example. Your smartphone would be a pretty good candidate. Or
through not-so-random padding on subsequent messages when the key is used,
relying on you to bridge the air gap.

It sounds to me like the age-old "my system is compromised, but I still want to
use GnuPG on it". I think you've heard the answer to that.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>



More information about the Gnupg-users mailing list