Crypto device where I need to confirm every operation?

Daniel Kahn Gillmor dkg at
Thu Jan 22 22:55:53 CET 2015

On Thu 2015-01-22 13:44:12 -0500, Robert J. Hansen wrote:
>> To prevent such an attack, I imagine a device where I have to
>> confirm every transaction with a simple push on a hardware button.
> Once you lose control of the hardware, you're done.

The attack you describe is significantly more complex and more visible
than the attack the original poster outlined.

Yes, in the long run, if you can't trust your endpoint, you can be

But this is a game of defense in depth, and the proposed changes seem
like a useful step in raising the bar for an attacker.


More information about the Gnupg-users mailing list