>> Point blank: it's all over the moment the bad guy has access to your
>> hardware.
> 
> Even if that was true, it should by no means lead to the idea that
> software security is futile.

It is true, and it absolutely leads to the idea that you're spending too
much time on the wrong subject.

Military strategy all the way back to Sun Tzu has boiled down to, "don't
bother defending what cannot be defended, because all you're doing there
is wasting your own limited resources."

> Keys should not be stored in swappable memory. :-\

PGPdisk's keys aren't.  Of course, PGPdisk 6.5.8 predates Windows
hibernation, so... you're asking PGPdisk's authors to have defended
against a threat that *didn't even exist at the time it was written*.

Likewise, an attacker who's leveraging access on your system is going to
be using attacks that don't even exist today and exploiting holes that
haven't been imagined.

I want to repeat: you cannot defend against an attacker with physical
access to your machine.  Cannot.  There are simply too many ways to turn
unprivileged access into privileged access, and at that point, bam, it's
the ballgame.

Focus on keeping the attacker out of your machine.

_______________________________________________
enigmail-users mailing list
enigmail-users@enigmail.net