key generation: paranoia mode - explicit random input
Robert J. Hansen
rjh at sixdemonbag.org
Fri Feb 28 04:30:01 CET 2014
> Trivial to prevent in comparison to the task of verifying a distro.
There are literally thousands of vectors. Defending against *all* of
them is a deeply nontrivial task. Sometime take a look at the
requirements for a SCIF: they're eye-opening.
http://en.wikipedia.org/wiki/Sensitive_Compartmented_Information_Facility
> This attitute doesn't help though considering that we meanwhile face a
> situation in which it has become more or less impossible to build a
> system which is known non-compromised.
It was always impossible.
If you really want a known non-compromised system, you have to set up
your own chip fab plant churning out low-transistor-count, hand-verified
IC designs made from six-nines silicon you personally smelted from sand
you personally mined off a beach. It has always been this way. It will
always be this way.
More information about the Gnupg-users
mailing list