On Tue, Feb 10, 2009 at 04:44:01PM -0500, Robert J. Hansen wrote: > > [2] above mentioned message posted anonymously to newsgroup like > > comp.security.pgp.test > > from internet cafe, > > (pre-paid in cash, using new usb drive with nothing else on it) > > USB tokens have GUIDs, Globally Unique Identifiers. Computers keep > track of what GUIDs they've seen. If the secret police get access to > the PC, then they know "ah, someone used GnuPG on a USB token, with a > GUID of...", etc. That USB token can now be connected to you.
This isn't completely true. The USB protocol does have the concept of a per-device serial number. I don't know if I'd go so far as to call it a GUID as it is only unique relative to the vendor and device type, but in any event, it isn't always used by the manufacturer. For example, I have three USB drives on my desk at the moment. One of them has an actual (presumably unique) serial number, one has a serial number of "FFFFFFFF", and the last has a serial number of "0". There is also no guarantee that the host computer will log the device serial number (modern Linux does, but you're more likely to find some flavor of Windows in an internet cafe). There is also no guarantee that the secret police will know what was run from the USB drive (the converse is true as well, of course). I can imagine the movie plot, though. :) > [2] I had sushi with a colleague of the guy who recovered the crosscut > CD-R. They gave that task to him person specifically because of his > severe OCD. The guy later said it was the happiest month he'd ever > worked: he was allowed to indulge his OCD for 16 hours a day and > everybody left him alone. Do you have a cite on this recovery beyond that story? I have not heard of such a thing, and Google came up blank. I wonder if your sushi companion was pulling your leg. David _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users