16 Dec
2010
16 Dec
'10
3:15 a.m.
On Wed, 2010-12-15 at 21:47 +0100, Arnold Krille wrote:
On Wednesday 15 December 2010 20:40:20 Ralf Mardorf
wrote:
To be honest, I've forgotten about this :D, but anyway, hacking the
password, resp. pass'phrase' should be easier to do. When hacking
online, the time the pass'phrase' doesn't need to be typed again is
important. It's also important how long 'su' for a terminal emulation
could be active, without an 'auto'exit is executed, while there isn't
activity by the admin. While it isn't easy to hack a good protected
Linux, it's relative easy to hack an online audio workstation as mine,
no firewall, no AppAmor etc. ;).
On Wed, 2010-12-15 at 19:56 +0100, Arnold Krille
wrote:
Still you have to know the password for the key :-P On Wednesday 15 December 2010 16:41:32 Jörn
Nettingsmeier wrote:
There still is a much easier way to decrypt mails. I'm not talking about
a completely encrypted hard disk. Get the non-public, private key. Is
this key saved in a file on a computer that is connected to the web,
e.g. for usage directly with your mail client? Hack the firewall and get
that key or burglarise the flat to get access to the non-public, private
key. On 12/15/2010 11:14 AM, gene heskett wrote:
> Ralf I suspect, if he were to use pgp, would be like me, and only
> trust pgp-2.6.2a, the last one before they put Zimmerman in jail for
> a few years. I have often said, and have been called the uber
> paranoid for it, that one of the conditions of his release was that
> the next generation of pgp had a back door.
as they say, paranoia doesn't mean they're not after you!
:-D
i think this problem is mitigated somewhat by using open protocols with
open crypto implementations that have undergone public scrutiny. unless
you want to believe that "the NSA has quantum computers anyway and have
solved the entire problem space years ago" :)
Some months back fbi had to admit that current encryption is to good for
them. After a year of trying they returned a hard-disk (which Mexican
police asked them to decrypt) admitting they couldn't do anything to get
the data... Went through fefe's blog...
Have fun,
Arnold