riseup.net OpenPGP Best Practices article
Robert J. Hansen
rjh at sixdemonbag.org
Fri Jun 27 23:02:01 CEST 2014
On 6/27/2014 3:14 AM, Werner Koch wrote:
> Assuming the sender uses a decent implementation, the attacker must have
> been able to modify the senders system by changing the code or the
> config files.
It took me about fifteen seconds to come up with a way to do this with
acceptable (if not-100%) probability of success and acceptable (but
extremely low) probability of intercept.
Tomorrow I'll post my method to the list.
If I can come up with a method to degrade things to 3DES in fifteen
seconds, then I believe the people who do this stuff professionally have
spent at least a few weeks inventing and perfecting other methods.
More information about the Gnupg-users