ctf-like WKD challenge
Werner Koch
wk at gnupg.org
Fri Jan 22 11:32:21 CET 2021
On Thu, 21 Jan 2021 10:48, Andrew Gallagher said:
> It is important to remember what PGP is for, and what it is not
> for. It is most definitely NOT for hiding metadata. No system based on
> email can ever do that, so it is safer not to pretend otherwise.
Full Ack.
There are ways to hide meat data and they exists for a long time. Use
them or helpt to get them back to live. Tor is one option but it does
not really target mails because it is designed as a low-latency service.
> If you need to hide your metadata from the state on pain of torture
> and death, PGP is NOT the solution. Use Tor, use Signal. And even then
That is not corrct. OpenPGP can and is in the real world part of a
solution. But communication in a hostile environment requires training
and creative methods to convey the data. Signal for example is not a
solution because it is a centralized service, requires easy to subvert
OSes, backdoored updates can easiliy be pushed to users, easuy to block,
and so forth. It may be part of a solution.
> likely that your endpoint is rooted, and no security software can
> protect you from an pwned endpoint.
There are ways to mitigate this but again training is required.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20210122/94dc588a/attachment.sig>
More information about the Gnupg-users
mailing list