On 9/9/2013 4:52 PM, Jan wrote:
> Imagine an intact offline PC without "auto play" enabled for USB drives.

Can't. USB is a peer protocol. There's an astonishing amount of computational power on both sides of that USB cable. Protocol negotiation is complex. Put it all together and you get a peer-to-peer protocol which you *cannot* secure because (a) there are too many computational resources available to an attacker and (b) the protocol itself is too complicated and there are many ways a malicious token could compromise the remote system even without autoplay installed.

Don't get me started on Firewire, which is even worse. Oh, yeah, I just love the idea of random dongles I can plug into my machine which get root-level read-write access to RAM *as part of normal operations*.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users