On Thu, 12 Sep 2013 15:55:24 +0200 "Jan" <takethe...@gmx.de> wrote: > 2.1 Most people have only one PC and windows as operating system, so > the linux/unix distribution should be installed on an USB device. > This device must not be plugged into the PC if windows is running, in > order to avoid a manipulation. Further I would uninstall the network > drivers on the USB device, so it is almost an offline PC. If the user > receives an encrypted file via email, he saves it to hard disk. Then > he turns off the PC, plugs in the USB drive and boots off it. He > copies the file from the hard disk to the USB drive (this should > cause no trouble). Only if the file is of a simple file format (jpg, > RTF, mp3, PDF(?), etc.(?)) he accepts it and opens it with a secure > minimalistic tool. He might even first run a program like an anti > virus software(?) in order to check whether the structure of the file > agrees with the official definition of the sated file format.
All the time I read suggestions on using USB sticks and I must say people are crazy about USB sticks. It is more convenient to use optical media then USB stick because they are read only. Boot from Live CD, not from USB stick and use USB stick only for data. In a desktop PC you can put two CD devices and boot Live CD from CD1 and write your data to CD2. You can use write-once media or rewritable media so you do not waste to much plastic. If you write your data to CDROM, then it is much more safer to transfer data to another PC. It is much more complicated to make a virus that will insert itself into a CDROM then into a USB stick. Furthermore, such action would be odd and could be blocked by a security software like SELinux. -- Marko Ranđelović, B.Sc. Software Developer Niš, Serbia marko...@eunet.rs Note: If you see a nonsense enclosed between lines BEGIN PGP SIGNATURE END PGP SIGNATURE then this message is digitally signed using OpenPGP compliant software. You need an appropriate plugin for your email client or other OpenPGP compliant software in order to verify the signature. However, the concept of computer insecurity implies digital signature is not absolute proof of identity. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
