private key protection

Faramir faramir.cl at gmail.com
Wed Oct 19 23:09:50 CEST 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

El 19-10-2011 17:54, Peter Lebbing escribió:
> On 19/10/11 22:43, Faramir wrote:
>> Ok, but if the online computer uses Windows, and the offline one 
>> uses Linux, then it would be a multiplataform trojan horse...
>> that is not likely to be a common case.
> 
> Define your threat model... are we talking random trojan infection
> or a focused attacker trying to gain your key? Because in the
> latter case, I hardly think commonality matters.

  You are right, I was thinking about random trojan infection (maybe
not 100% random, since a private key stealing trojan would be focused
on OpenPGP users, rather on average users). But if somebody wants MY
private key, then probably there would be an attack involving picking
my lock, infecting my BIOS, or some other 007-like activity. But in
that case, the victim might be involved in some organization that
should develop policies to deal with that risk.

  Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBCAAGBQJOnzyeAAoJEMV4f6PvczxA7eEH/j3wjkHNcwPNd2hSz1NXmIl0
KCMkE2H2BEqS19AhpDMmYdB4EVddDsDJg1rLa7W+he5o/4g6WPueLoeeh+Rqbj0T
IZCNN6KlVWgZ2P9JLt9cc5H9TVU1f3O1HtJUThwQJfsFygDBrk/HqpTvsJcXqU51
yAd2aw2gudI8FtJAz5hawRMABzIKObH3wJGbpQfVR1ih91zsjisPCJXt+4grwg2b
lxTS2tR8RnuZJPkmmBZTyAKNkapdGnJ2BiXPKYY8rqtPzM035hqDlsiVAHvea0ie
UYtOkTVXGVgW0xQlXY/0j4HKBm/xuNltUiZPja8EIGV2KMvoV16iYmCVa5CpURc=
=MJed
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list