Johan Henselmans <[email protected]> writes: > Thanks Nick, I have just read up on the FreedomBuddy > project. (http://wiki.debian.org/Freedombox/FreedomBuddy).
Huh. I didn't know that page existed. Thanks, planetlarg. It's outdated, but there is no updated documentation (until after this weekend, when the dust settles). > That seems a solution, until your tor/GNUnet endpoint service is > compromised, which seems not too hard, considering we are talking > about bad guys not encumbered by legal restrictions. Please define compromised. I'm not being a pedantic jackass here, I'm wondering what you mean exactly. If the message you receive fails to decrypt to your key, FBuddy ignores it, so it's unlikely that you'll compromise FBuddy itself with malformed input. If you mean someone duplicating your Tor Hidden Service identity and posing as you, then they can't read your messages without your key. It's also difficult to duplicate an identity without physically taking over the hosting box. > Compromised GPG keys is the other problem. Yeah. Rule #1 of network security: if the attacker has physical access to the box, you're screwed. Nothing anyone can do can prevent that, unless you avoid creating or using the service at all. > I still have a GPG key created in 2001, which I am sure is on some > keyservers. My sloppy security behavior ( the private key had been > transported from server account to server account, some of which I am > pretty sure they were compromised), combined with some rainbow-tables > and other brute force attack scripts make it sure that my private key > would be compromised by now-if anyone would be interested. Then revoke or expire it, if you still have the password. A compromised 12 year old key is just bad manners. If users are determined to shoot themselves in the foot, we can't stop them. In order to preserve their software freedoms (and Asimov's laws), we have to assume users mean to do what they're doing. The best we can do is to make key management as easy (or as secure, depending on the user's request) as possible. > A solution would be to make sure anyone would have a smart-card > derived PGP key with opensc, so that if you can not find your smart > card you should assume your key is compromised. That also poses the > problem of losing ones precious would make your freedombox data lost. You're free to go with whatever you're more comfortable with, it all involves tradeoffs. Me, I'm happy keeping a subkey (or single-purpose key) on the box. If the SSSS system [0] pans out and keys are never written to disk, then whole keys are never hosted anywhere and the box has to be captured alive, without ever losing power, significantly raising the bar for attacks. 0: http://lists.alioth.debian.org/pipermail/freedombox-discuss/2013-February/005106.html > But perhaps you have already discussed that kind of setups. I have, but I doubt I've convinced you. Please, rebut! Thanks for your time, Nick
pgp8Q_IzOtooc.pgp
Description: PGP signature
_______________________________________________ Freedombox-discuss mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
