Safe decryption with GnuPG?
Janusz A. Urbanowicz
alex at bofh.net.pl
Thu Feb 14 14:20:53 CET 2008
On Wed, Feb 13, 2008 at 11:41:53AM +0100, Krzysztof Żelechowski wrote:
>
> On Tue, 12-02-2008 at 11:59 +0100, Anders Breindahl wrote:
> > Hello,
> >
> > On 200802010958, Krzysztof Żelechowski wrote:
> > > 1. The decrypted information must not make it to any persistent medium
> >
> > Use full-disk encryption, as has been stated before. That way, you can
> > be confident that nothing leaks into unencrypted places, since such do
> > not exist in the running system.
>
> Full disk encryption makes the system unnecessarily slow,
> especially if applied to swap space.
> I am seeking an intermediate solution for desktop computers
> where the amount of confidential data is small.
> The system as a whole should not be affected
> (unless, of course, it is a dedicated device,
> but that is another story).
I am under a strong impression that you want the system secure, without
defining a coherent threat model. All the world's encryption and
RAM-keeping won't protect you against TEMPEST.

Sit back, define your threat: spooks? trojans? identity thieves? snoopy
spouse? laptop thieves? You can't be secure against all possible threats.
Decide which one you choose and concentrate on defending against this
particular threat.
Alex
--
JID: alex at hell.pl
PGP: 0x46399138
paying attention to details is the job of doctors, lawyers, programmers and watchmakers
-- Czerski