key generation: paranoia mode - explicit random input
mailinglisten at hauke-laging.de
Wed Feb 26 23:04:03 CET 2014
Am Mi 26.02.2014, 22:29:46 schrieb Peter Lebbing:
> Ultrasound, in combination with a nearby compromised online system
> with a microphone, for example.
Trivial to prevent in comparison to the task of verifying a distro.
> It sounds to me like the age-old "my system is compromised, but I
> still want to use GnuPG on it". I think you've heard the answer to
This attitute doesn't help though considering that we meanwhile face a
situation in which it has become more or less impossible to build a
system which is known non-compromised.
Your point is valid towards people who are just too lazy (or uninformed)
to do what can be reasonably done. In that case a wish towards GnuPG
could be simply replaced by improving the environment in which it is
going to be used. My perspective is that what can be reasonably done at
the system level may not be enough any more (at the upper border of
Furthermore while you cannot fix security problems in the outer system
by the inner system (which I assume is the main part of the answer you
mentioned) please mind that this is not what I suggest. I want to enable
users to create another layer of control outside their system.
Thus I consider an improvement which is both easy to implement and easy
to apply by the users a clear advantage. It is not enough to make
ciphers and digests "NSA-proof" if that's not the attack vector they are
going to use anyway.
Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 490 bytes
Desc: This is a digitally signed message part.
More information about the Gnupg-users