Robert J. Hansen
rjh at sixdemonbag.org
Sun Apr 9 19:02:39 CEST 2017
> Sorry, not any more. Look at the online-banking fraud business.
> Automated credential stealing tools from simple keyloggers to
> sophisticated maleware such as from the Zeus family are available on
> a pay-and-play basis.
I've seen some truly scary malware, and I'm not seeing the level of
sophistication you're talking about except from nation-state actors.
GnuPG certificates aren't targeted by mass-market malware because there
aren't enough GnuPG users to be worth targeting. Malware that targets
online banking, though ... that's worth constructing specialized malware
> I thought your private key is so well encrypted that your can publish
> it in a news paper?
It is. Those aren't the risks I'm talking about.
Why don't I want to store the private key on multiple computers?
Because a good rule of thumb in a forensics lab is "store the minimum
personal data possible on your systems".
Why don't I want an NFS mount? Because these computers need to be isolated.
Why don't I want to use a USB drive? Because USB is a critical vector
for malware, and as such USB devices are closely controlled and monitored.
Etc., etc. Standard fare for a forensics lab.
More information about the Gnupg-users