Working with an Online and Offline Computer when using GnuPG - Best Practice?

Peter Lebbing peter at digitalbrains.com
Mon Oct 9 20:12:33 CEST 2017


On 09/10/17 18:53, Stefan Claas wrote:
> My idea is to use the software minimodem between the two
> Computers, connected, when required, via audio cables.

I think perhaps this is a little low-bandwidth for security updates for
your OS. By the way, you could use a USB-to-serial converter and use a
serial cable. The problem with USB is sharing the same USB device
between multiple computers. If you always use the same converter in the
same computer, it's not an infection vector. But this is still very low
bandwidth. Many USB-to-serial converters can go to 0.5 Mbit/s. I think
the max I've seen is 2 Mbit/s. So it's not as low as the ol' 115k2 anymore.

I haven't read about SD cards being infection vectors, and they have
many gigabytes. Enough for, for example, a mirror of the debian-security
archive for your architecture.

I do know about subverting SATA harddisks, but haven't heard about it
actually being used, unlike USB. SATA sounds reasonable as well.

For both SD cards and SATA harddisks, you could again use USB-to-X
converters, as long as they are dedicated to your offline system.

This is just my personal opinion, and should be read as ideas rather
than authority (not that I claim to have any, that's precisely the
point). Meanwhile, if somebody knows of a transfer method that has
enough bandwidth to be able to keep a Debian system up-to-date, or a
FreeBSD system alternatively, that looks better than SD-card or
SATA/PATA, I'm interested as well. I'd rather have something better.

My 2 cents,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20171009/1019a293/attachment.sig>


More information about the Gnupg-users mailing list