[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Edlug Archive Jan 2004 ]

Re: [edlug] Anyone going tonight who can provide help with GPG and SSH keys ?



On Thu, 8 Jan 2004, Andrew Aylett wrote:

> Of course, if you're going to generate the key while you're there, then
> people can just read it off the screen.  That's not recommended though
> -- conventional (paranoid) wisdom is that it's not a good idea.

The majority of attacks discussed in the article you quote are when you 
generate (or use) your GPG key on untrusted hardware. As the original 
poster was discussing using their own laptop, then only applicable risk 
from that article is of someone shoulder surfing your passphrase.

Other risks, such as the use of tempest technologies to capture key 
presses or other internal details, do exist - but they assume an attacker 
with sufficient ability to be able to compromise your passphrase in 
numerous other ways.

Cheers,

Simon.

-
----------------------------------------------------------------------
You can find the EdLUG mailing list FAQ list at:
http://www.edlug.org.uk/list_faq.html



This archive is kept by wibble@morpheux.org.DONTSPAMME
homepage