> On 31 Aug 2016, at 15:20, Chad MILLER <[email protected]> wrote: > > But it can never look in your ~/.gnupg/ dir or grab your scanner or wipe your > yubikey or turn on your camera or whatever, as another program, rogue or > compromised, could do. None of that even seems to exist.
If it shares physical RAM with other processes or VMs, it can modify their RAM, under certain conditions: https://www.schneier.com/blog/archives/2016/08/powerful_bit-fl.html Unfortunately, VMs and similar isolation techniques aren't great at preventing hardware-based side-channels. But in most cases, for most threat models, yes, it's quite secure. Tim Tim Wilson-Brown (teor) teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmpp: teor at torproject dot org
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ tor-relays mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
