On 10/17/25 19:03, Jay Acuna via Gnupg-users wrote:
[...]
There's no point in mulling over a theoretical subset of attacker who has
both malware to steal your PQC key and a quantum computer to
blow up your traditional key.
I see a simple problem here: if an attacker can plant resident malware
on your computer, then that malware can simply wait for you to insert
and unlock your hardware token and then abuse the token to decrypt/sign
messages for the attacker, even if the attacker cannot make off with
your private key itself.
In short, if the malware can steal your key and passphrase, it can also
steal your token PIN and give the attacker access that way.
-- Jacob
_______________________________________________
Gnupg-users mailing list
[email protected]
https://lists.gnupg.org/mailman/listinfo/gnupg-users
