[prev in list] [next in list] [prev in thread] [next in thread]
List: gnupg-users
Subject: Re: TOFU
From: Andrew Gallagher <andrewg () andrewg ! com>
Date: 2017-06-30 20:29:21
Message-ID: 9e5ac5d0-3f8c-abe2-4979-c40ae847d2f6 () andrewg ! com
[Download RAW message or body]
[Attachment #2 (multipart/signed)]
[Attachment #4 (multipart/mixed)]
On 2017/06/30 20:27, Stefan Claas wrote:
> The idea with this scenario is that it can be carried out by people
> with no skills in hacking or compromising a computer, in small shops,
> companies for example, when one of the co-workers leaves his/her
> work place for a minute, or two etc.
Anybody who knows enough about computers to poison your local GPG
keyring already knows more than enough about computers to be able to
download H@ck0rT00l.exe from a website and install it on your machine.
In the scenario above, it is in fact *easier* to do this without getting
caught than it is to do it by hand - perhaps as easy as inserting a
flash drive when your computer is locked.
If you want to protect yourself against an Evil Maid (or an Evil
Coworker) then you are *way* outside the scope. Encrypt your drive, lock
your screen, disable your USB ports and store your laptop in a safe. If
you can't trust the data on your computer, you can't trust a single
thing it says.
A
["signature.asc" (application/pgp-signature)]
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic