Re: Working with an Online and Offline Computer when using GnuPG - Best Practice?

2017-10-11 Thread Pete Stephenson
On Tue, Oct 10, 2017, at 05:39 PM, Whitey wrote: > Pete Stephenson wrote: > > On Mon, Oct 9, 2017, at 06:53 PM, Stefan Claas wrote: > >> I read once here on the Mailing List that one should only use > >> trusted USB devices, whatever that means, when using an USB > >> device. > > > > If you must u

Re: Working with an Online and Offline Computer when using GnuPG - Best Practice?

2017-10-11 Thread Andrew Gallagher
On 11/10/17 13:04, Robert J. Hansen wrote: > Permitting > trusted machines to communicate in a *provably* one-way manner with > systems outside the DMZ is an important problem -- not just being able > to do it, but coming up with a way simple enough that non-technical > users can understand. Point

Re: Working with an Online and Offline Computer when using GnuPG - Best Practice?

2017-10-11 Thread Robert J. Hansen
> Our frames of reference were different: I was actually mostly > thinking about a duplex system, which if needed could be reduced to > simplex, in which case it would be the other way around than your > use-case. I never considered the scenario where the trusted system > was already compromised an

Re: Working with an Online and Offline Computer when using GnuPG - Best Practice?

2017-10-11 Thread Peter Lebbing
On 11/10/17 04:49, Robert J. Hansen wrote: > The assumption was the web server was compromised: given that, how > can you be absolutely sure there's no communication channel back to > the trusted tabulator? Ah, this isn't about corrupting data on the line, about getting wrong data in what is the c

Re: Working with an Online and Offline Computer when using GnuPG - Best Practice?

2017-10-10 Thread Robert J. Hansen
>> The point of using the >> old photoreceptor was that way we were dead certain there was no >> exploitable integrated circuit in the photoreceptor... > > I don't really see the point of purposely reducing the bitrate of a > serial link. Supply chain security. The more complicated the hardware,

Re: Working with an Online and Offline Computer when using GnuPG - Best Practice?

2017-10-10 Thread Duane Whitty
On 17-10-10 02:04 PM, Daniel Kahn Gillmor wrote: > On Mon 2017-10-09 23:30:22 -0300, Duane Whitty wrote: >> After saying all that I recall reading an article by the >> Washington Post (if I recall correctly) that they use two >> computers in their

Re: Working with an Online and Offline Computer when using GnuPG - Best Practice?

2017-10-10 Thread Daniel Kahn Gillmor
On Mon 2017-10-09 23:30:22 -0300, Duane Whitty wrote: > After saying all that I recall reading an article by the Washington > Post (if I recall correctly) that they use two computers in their > "safe-drop" system. The link you're looking for is: https://securedrop.org/ their documentation for

Re: Working with an Online and Offline Computer when using GnuPG - Best Practice?

2017-10-10 Thread Whitey
Pete Stephenson wrote: > On Mon, Oct 9, 2017, at 06:53 PM, Stefan Claas wrote: >> I read once here on the Mailing List that one should only use >> trusted USB devices, whatever that means, when using an USB >> device. > > If you must use USB devices for some reason, take a look at the >

Re: Working with an Online and Offline Computer when using GnuPG - Best Practice?

2017-10-10 Thread Stefan Claas
On 10.10.2017 at 13:59, Stefan Claas wrote: My thread model is not as high as of other peoples, I assume. threat model of course... Regards Stefan

Re: Working with an Online and Offline Computer when using GnuPG - Best Practice?

2017-10-10 Thread Stefan Claas
On 10.10.2017 at 11:22, Peter Lebbing wrote: On 09/10/17 21:14, Stefan Claas wrote: So I thought maybe I buy one, let's say with Windows 10, never update or upgrade it due to its permanent offline state Whether I would consider this sane or not depends a lot on the type of data you'll be han

Re: Working with an Online and Offline Computer when using GnuPG - Best Practice?

2017-10-10 Thread Stefan Claas
On 10.10.2017 at 13:59, Stefan Claas wrote: I came up with this idea while reading about black/red boxes computers, which act as online/offline computers. And I recently discovered Neal Walfield's "An Advanced Introduction to GnuPG". At page 42 of his .pdf he speaks of offline computers as wel

Re: Working with an Online and Offline Computer when using GnuPG - Best Practice?

2017-10-10 Thread Stefan Claas
On 10.10.2017 at 09:26, Pete Stephenson wrote: On Mon, Oct 9, 2017, at 06:53 PM, Stefan Claas wrote: I read once here on the Mailing List that one should only use trusted USB devices, whatever that means, when using an USB device. If you must use USB devices for some reason, take a look at th

Re: Working with an Online and Offline Computer when using GnuPG - Best Practice?

2017-10-10 Thread Stefan Claas
On 10.10.2017 at 04:51, Duane Whitty wrote: I find this topic quite interesting so if I may comment a little more... Firstly, I think it's really easy to get carried away here with security measures one probably doesn't really need. If you do have a need for air-gapped computers then you also

Re: Working with an Online and Offline Computer when using GnuPG - Best Practice?

2017-10-10 Thread Nils Vogels
On 10 Oct 2017 4:06 am, "Robert J. Hansen" wrote: I do know about subverting SATA harddisks, but haven't heard about it actually being used, unlike USB. SATA sounds reasonable as well. Yep!  Been done.  SATA firmware has been exploited via the JTAG interface, new firmware loaded onto it, and been 

Re: Working with an Online and Offline Computer when using GnuPG - Best Practice?

2017-10-10 Thread Peter Lebbing
On 09/10/17 21:14, Stefan Claas wrote: > So I thought maybe I buy one, let's say with Windows 10, never update > or upgrade it due to its permanent offline state Whether I would consider this sane or not depends a lot on the type of data you'll be handling on the offline machine. If it's just che

Re: Working with an Online and Offline Computer when using GnuPG - Best Practice?

2017-10-10 Thread Pete Stephenson
On Mon, Oct 9, 2017, at 06:53 PM, Stefan Claas wrote: > I read once here on the Mailing List that one should only use > trusted USB devices, whatever that means, when using an USB > device. If you must use USB devices for some reason, take a look at the

Re: Working with an Online and Offline Computer when using GnuPG - Best Practice?

2017-10-10 Thread Peter Lebbing
Let me start off by saying security is almost never absolute. I think it approaches some really basic economics: how much do you think your opponent is willing to spend to compromise your security? How much are you willing to spend to protect it? So there is no silver bullet. It depends on your th

Re: Working with an Online and Offline Computer when using GnuPG - Best Practice?

2017-10-09 Thread Duane Whitty
On 17-10-09 11:30 PM, Duane Whitty wrote: > > > On 17-10-09 01:53 PM, Stefan Claas wrote: >> Hi all, > >> A question for the experts. > >> I plan to buy me a little Netbook next year, to use it as an >> Offline Computer, for GnuPG usage. The i

Re: Working with an Online and Offline Computer when using GnuPG - Best Practice?

2017-10-09 Thread Duane Whitty
On 17-10-09 01:53 PM, Stefan Claas wrote: > Hi all, > > A question for the experts. > > I plan to buy me a little Netbook next year, to use it as an > Offline Computer, for GnuPG usage. The idea is to use my Online > Computer to send and receiv

Re: Working with an Online and Offline Computer when using GnuPG - Best Practice?

2017-10-09 Thread Robert J. Hansen
> I think perhaps this is a little low-bandwidth for security updates for > your OS. By the way, you could use a USB-to-serial converter and use a > serial cable. The problem with USB is sharing the same USB device > between multiple computers. If you always use the same converter in the > same com

Re: Working with an Online and Offline Computer when using GnuPG - Best Practice?

2017-10-09 Thread Stefan Claas
On Mon, 9 Oct 2017 20:12:33 +0200, Peter Lebbing wrote: > On 09/10/17 18:53, Stefan Claas wrote: > > My idea is to use the software minimodem between the two > > Computers, connected, when required, via audio cables. > > I think perhaps this is a little low-bandwidth for security updates > for y

Re: Working with an Online and Offline Computer when using GnuPG - Best Practice?

2017-10-09 Thread Peter Lebbing
On 09/10/17 18:53, Stefan Claas wrote: > My idea is to use the software minimodem between the two > Computers, connected, when required, via audio cables. I think perhaps this is a little low-bandwidth for security updates for your OS. By the way, you could use a USB-to-serial converter and use a

Working with an Online and Offline Computer when using GnuPG - Best Practice?

2017-10-09 Thread Stefan Claas
Hi all, A question for the experts. I plan to buy me a little Netbook next year, to use it as an Offline Computer, for GnuPG usage. The idea is to use my Online Computer to send and receive messages and to encrypt and decrypt messages to use the Offline Computer. So far so good. My question is wh