ctf-like WKD challenge

Werner Koch wk at gnupg.org
Fri Jan 22 11:32:21 CET 2021

On Thu, 21 Jan 2021 10:48, Andrew Gallagher said:

> It is important to remember what PGP is for, and what it is not
> for. It is most definitely NOT for hiding metadata. No system based on
> email can ever do that, so it is safer not to pretend otherwise.

Full Ack.

There are ways to hide metadata and they have existed for a long time.  Use
them or help to get them back to life.  Tor is one option but it does
not really target mails because it is designed as a low-latency service.

> If you need to hide your metadata from the state on pain of torture
> and death, PGP is NOT the solution. Use Tor, use Signal. And even then

That is not correct.  OpenPGP can and is in the real world part of a
solution.  But communication in a hostile environment requires training
and creative methods to convey the data.  Signal for example is not a
solution because it is a centralized service, requires easy to subvert
OSes, backdoored updates can easily be pushed to users, easy to block,
and so forth.  It may be part of a solution.

> likely that your endpoint is rooted, and no security software can
> protect you from a pwned endpoint.

There are ways to mitigate this but again training is required.



Thoughts are free.  Exceptions are regulated by a federal law.