TOFU

Stefan Claas stefan.claas at posteo.de
Fri Jun 30 21:27:18 CEST 2017


On Fri, 30 Jun 2017 21:02:38 +0200, Peter Lebbing wrote:

> PS: As a final note, what prevents your attacker from grabbing your
> passphrase when you enter it? They control your computer! If you
> could use your passphrase to verify it was really you, they would
> immediately also have that passphrase, since you just gave it to them.

The idea with this scenario is that it can be carried out by people
with no skills in hacking or compromising a computer, in small shops,
companies for example, when one of the co-workers leaves his/her
workplace for a minute or two, etc.

P.S. Maybe it was not such a bad idea to propose identicons for
third-party apps using GnuPG, along with showing the fingerprint.

Regards
Stefan



More information about the Gnupg-users mailing list