Own Mail: PGP running on local server; Is it secure

Robert J. Hansen rjh at sixdemonbag.org
Mon Sep 28 20:12:03 CEST 2015


>> Cryptography is not like virginity, where once you lose it it's 
>> gone forever.
> 
> I think they mean that your private key material is compromised, 
> meaning "þey"[1] can decrypt any future messages encrypted to that 
> key. Sloppily formulated, but I don't think they mean you've lost 
> your crypto virginity <grin>.

First, I love the Thorn Letter Agency: I'm going to have to steal it.  I
don't know whether it should be used sincerely as an "insert agency
here", or snarkily as a "oh, right, *þey* are out to get you".  Maybe
both.  :)

Second, I dunno, man.  I read that paragraph a few times just trying to
understand what they meant before I tore into them, and I came up with
realizing that not only didn't I know what they meant, but I doubted
they knew either.

The troubling line for me was, "Using these browsers for
cryptography, even once, leaves these companies full power to forever
break your cryptography."

So if I use Google Chrome, and it's not compromised, and I use it only
once, after that I switch to Firefox and use that for all my web
needs... and then, later on, Google decides to toggle the evil bit...
suddenly Google Chrome is going to jump in the TARDIS, travel back to
when it was trustworthy, and become evil then, and send my key material
forwards in time?

I mean, taken at their word, that's what they seem to be saying, right?

You could be right.  Absolutely you could be.  But their language is so
weird that I don't think I'm willing to give them the benefit of the doubt.



More information about the Gnupg-users mailing list