TOFU

Peter Lebbing peter at digitalbrains.com
Fri Jun 30 21:02:38 CEST 2017 

On 30/06/17 20:54, Stefan Claas wrote:
> Good point! And what would be your proposal against this kind of
> attack?

On 30/06/17 18:38, Peter Lebbing wrote:
> There is *no* *way* to mitigate an attacker having your user privileges.


> :-) For me it is a) bad software design, with the same colors
> for two different functions

There is no difference between your ultimately trusted key and someone else's
ultimately trusted key. It's the same function.

> and b) also not good that Trust Levels can
> be assigned (via third party apps) without entering my passphrase.

There is nothing to protect here. Trust has to start somewhere, there has to be
a root of it all where you say "this is where it all starts". Your passphrase
allows you to make signatures. What's the difference between your signature and
the attacker's signature? They're both signatures, on your disk. On a system
which is, in your scenario, compromised. Please, there is *no* *way* to mitigate
an attacker having your user privileges. As far as your computer is concerned,
they *are* you. You're asking your computer to tell the difference between you
and you. The problem is that we started out with the premise that your computer
thinks your attacker is you. And then you're trying to think of solutions to
have your computer tell the difference. That's begging the question.

Peter.

PS: As a final note, what prevents your attacker from grabbing your passphrase
when you enter it? They control your computer! If you could use your passphrase
to verify it was really you, they would immediately also have that passphrase,
since you just gave it to them.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20170630/01d4c17b/attachment.sig>

More information about the Gnupg-users mailing list