[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Edlug Archive Jan 2004
]
Re: [edlug] Anyone going tonight who can provide help with GPG and SSH keys ?
On Thu, 8 Jan 2004, Andrew Aylett wrote:
> Of course, if you're going to generate the key while you're there, then
> people can just read it off the screen. That's not recommended though
> -- conventional (paranoid) wisdom is that it's not a good idea.
The majority of attacks discussed in the article you quote are when you
generate (or use) your GPG key on untrusted hardware. As the original
poster was discussing using their own laptop, then only applicable risk
from that article is of someone shoulder surfing your passphrase.
Other risks, such as the use of tempest technologies to capture key
presses or other internal details, do exist - but they assume an attacker
with sufficient ability to be able to compromise your passphrase in
numerous other ways.
Cheers,
Simon.
-
----------------------------------------------------------------------
You can find the EdLUG mailing list FAQ list at:
http://www.edlug.org.uk/list_faq.html