Crypto device where I need to confirm every operation?
Sandeep Murthy
s.murthy at mykolab.com
Fri Jan 23 04:37:21 CET 2015
I didn’t mean to include the word “complete” in there - true, there are degrees of
control that somebody else can have over your computer. I don’t
think this tells us anything in relation to the original problem, and besides from
a practical point of view there are some simple steps people can take to
reduce risks, for example, of unauthorised or malicious remote access.
I didn’t state any opinions about somebody continuing to use their
compromised system to counteract further efforts.
Hardware compromise again is an abstraction. There are many
imaginable ways in which your computer could be compromised, the
question only becomes interesting when it relates to particular attacks /
exploits.
Sandeep Murthy
s.murthy at mykolab.com
> On 23 Jan 2015, at 03:15, Robert J. Hansen <rjh at sixdemonbag.org> wrote:
>
>> I was referring to exactly that - *somebody else* having "complete
>> control" over your hardware, remotely. There are degrees of that...
>
> There aren't. It's like saying someone's a "little bit pregnant". You
> have complete control, or you have less-than-complete control. There
> are degrees of less-than-complete, but not complete.
>
> The name of the game is prevention, detection, and recovery: prevent
> compromises from occurring, detect them when prevention fails, and
> recovery to a known-good state. In electronic voting we liked to have
> multiple orthogonal PDR; the idea of somehow persisting in operations
> after complete compromise was always seen as a fool's errand.
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 873 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: </pipermail/attachments/20150123/68b61b22/attachment.sig>
More information about the Gnupg-users
mailing list