riseup.net OpenPGP Best Practices article

Robert J. Hansen rjh at sixdemonbag.org
Fri Jun 27 23:02:01 CEST 2014

On 6/27/2014 3:14 AM, Werner Koch wrote:
> Assuming the sender uses a decent implementation, the attacker must have
> been able to modify the senders system by changing the code or the
> config files.


It took me about fifteen seconds to come up with a way to do this with
acceptable (if not-100%) probability of success and acceptable (but
extremely low) probability of intercept.

Tomorrow I'll post my method to the list.

If I can come up with a method to degrade things to 3DES in fifteen
seconds, then I believe the people who do this stuff professionally have
spent at least a few weeks inventing and perfecting other methods.

More information about the Gnupg-users mailing list