On 10/11/2011 05:14 PM, Jean-David Beyer wrote: > Let us assume you are the bad guy
Okay. > Unless you have my encrypted keys, you have to access my computer > (unless you have already stolen it, in which case there are much > easier ways to invade the machine), you will have to try logging in > through the Internet (in the case of my machine), and the first thing > you will hit is the login program. Hold on a second there. You seem to be making some extremely unwarranted assumptions. If I want your secret key material, I'm not going to steal your computer. I'm going to use an exploit to bypass your login, plant a Trojaned version of GnuPG, and laugh all the way to the bank. Modern-day operating systems are frightening -- terrifyingly -- insecure. A while ago Vint Cerf estimated that about one desktop PC in five was already pwn3d. That's a number that keeps me awake at night. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
