ctf-like WKD challenge (was: WKD proper behavior on fetch error)

Andrew Gallagher andrewg at andrewg.com
Thu Jan 21 11:48:42 CET 2021


On 21/01/2021 07:10, Stefan Claas via Gnupg-users wrote:
> On Thu, Jan 21, 2021 at 8:02 AM Stefan Claas
> <spam.trap.mailing.lists at gmail.com> wrote:
> 
>> The nice thing about OpenPGP armored messages is also that
>> procmail and friends can be used at providers to filter -----BEGIN blah
> 
> P.S. When Stale Schumacher ran the International PGP Homepage in the 90's
> people could download PGP for Unix, VAX/VMS, Windows and the Mac
> (there was no Linux IIRC available at that time) and there was a stealth
> mode available, e.g. to hide the -----BEGIN blah in armored messages.

... which was pure security theatre that made it look more obfuscated to 
the untrained eye, but would never fool even the simplest automated tool.

It is important to remember what PGP is for, and what it is not for. It 
is most definitely NOT for hiding metadata. No system based on email can 
ever do that, so it is safer not to pretend otherwise.

If you need to hide your metadata from the state on pain of torture and 
death, PGP is NOT the solution. Use Tor, use Signal. And even then 
you're taking your chances because in many countries it is highly likely 
that your endpoint is rooted, and no security software can protect you 
from a pwned endpoint.

-- 
Andrew Gallagher
