Fwd: Re: Fwd: Re: Question for app developers, like Enigmail etc. - Identicons

Stefan Claas stefan.claas at posteo.de
Mon Jun 12 21:34:42 CEST 2017


On 12.06.17 21:15, Peter Lebbing wrote:
> On 12/06/17 20:51, Stefan Claas wrote:
>> Maybe as an additional security feature Enigmail should give
>> a key with a set trust level of "Ultimate" a different color than
>> green.
> No, that's beside the point. Once somebody gets your user privileges,
> there is no "additional security". It's game over. They could replace
> your Enigmail with their Evilmail, which seems like a good name for an
> Enigmail edited to show any fingerprint the attacker desires and give it
> any colour of the rainbow.
>
> You need to make sure your computer doesn't get hacked by someone who
> wants to subvert your use of GnuPG. Luckily, for most of us, we get
> hacked to send spam... ;)
>
> (Remember there are two types of companies. Those who know they got
> hacked and those who don't know yet that they got hacked.)
>
>

Thanks for your thought! So what i have learned from this whole
thread, also about my proposal for identicons, i should buy me
an offline computer, send Thunderbird/Enigmail to /dev/null
and transfer signed/encrypted messages from my online usage
computer with a USB stick to my offline computer and verify
decrypt the messages there. :-)

Regards
Stefan





More information about the Gnupg-users mailing list