ctf-like WKD challenge (was: WKD proper behavior on fetch error)

Stefan Claas spam.trap.mailing.lists at gmail.com
Thu Jan 21 15:55:13 CET 2021


On Thu, Jan 21, 2021 at 12:25 PM Andrew Gallagher via Gnupg-users
<gnupg-users at gnupg.org> wrote:
>
> On 21/01/2021 07:10, Stefan Claas via Gnupg-users wrote:
> > On Thu, Jan 21, 2021 at 8:02 AM Stefan Claas
> > <spam.trap.mailing.lists at gmail.com> wrote:
> >
> >> The nice things about OpenPGP amored messages is also that
> >> procmail and friends can be used at providers to filter -----BEGIN blah
> >
> > P.S. When Stale Schumacher ran the International PGP Homepage in the 90's
> > people could download PGP for Unix, VAX/VMS, Windows and the Mac
> > (there was no Linux IIRC available at that time) and there was a stealth
> > mode available, e.g. to hide the -----BEGIN blah in armored messages.
>
> ... which was pure security theatre that made it look more obfuscated to
> the untrained eye, but would never fool even the simplest automated tool.
>
> It is important to remember what PGP is for, and what it is not for. It
> is most definitely NOT for hiding metadata. No system based on email can
> ever do that, so it is safer not to pretend otherwise.
>
> If you need to hide your metadata from the state on pain of torture and
> death, PGP is NOT the solution. Use Tor, use Signal. And even then
> you're taking your chances because in many countries it is highly likely
> that your endpoint is rooted, and no security software can protect you
> from an pwned endpoint.

Very well said, Andrew!

Things I usually post here are more or less for the little PGP user
whishing to improve his practices, when using OpenPGP software.

And regarding Signal, I would think twice about that, which would
be to much OT here on this ML, but I can tell people here when
I asked Moxie, Signal, Micah Lee a question they did not answer.
And when Elon Musk started to advertise Signal usage on Twitter
publicity he received a reply from me, which he then not answered.

As some of you may know I have sold my smartphone ...

Best regards
Stefan



More information about the Gnupg-users mailing list