Re: GPF Crypto Stick vs OpenPGP Card

2010-12-03 Thread Hauke Laging
On Friday 03 December 2010 17:32:50, Werner Koch wrote:
> On Fri, 3 Dec 2010 13:21, mailinglis...@hauke-laging.de said:
> > A first improvement would be to show the hash to be signed. Of course,
> > you
> That does not help. Even if you would be able to compare it with the
> hash displayed o

Re: GPF Crypto Stick vs OpenPGP Card

2010-12-03 Thread Łukasz Stelmach
Daniel Kahn Gillmor writes:
> On 12/03/2010 12:45 PM, Daniel Kahn Gillmor wrote:
>> So unless Are you willing to try to display
> [...]
>> my laptop display is pretty small, and i read what i sign on it ;)
>
> sigh. I may read what i sign, but apparently either my grammar or my
> proofreading s

Re: GPF Crypto Stick vs OpenPGP Card

2010-12-03 Thread Daniel Kahn Gillmor
On 12/03/2010 12:45 PM, Daniel Kahn Gillmor wrote:
> So unless Are you willing to try to display
[...]
> my laptop display is pretty small, and i read what i sign on it ;)

sigh. I may read what i sign, but apparently either my grammar or my proofreading skills are still below par :P

--d

Re: GPF Crypto Stick vs OpenPGP Card

2010-12-03 Thread Daniel Kahn Gillmor
On 12/03/2010 11:32 AM, Werner Koch wrote:
> What might work are JPEGs -
> but who wants to sign a JPEG file and have recipients work with an image
> of your text?

JPEGs themselves are problematic because of the ability to embed arbitrary data in the metadata fields (EXIF, etc [0]). So unless Are

Re: GPF Crypto Stick vs OpenPGP Card

2010-12-03 Thread Werner Koch
On Fri, 3 Dec 2010 13:21, mailinglis...@hauke-laging.de said:
> A first improvement would be to show the hash to be signed. Of course, you

That does not help. Even if you would be able to compare it with the hash displayed on the host box, you gain nothing: Any malware which foists you a differ

Re: GPF Crypto Stick vs OpenPGP Card

2010-12-03 Thread Marcio B. Jr.
Ok, let me utilize this thread to clarify something. I've never used those external devices, and my private keys have always been located in one place only, a computer. That situation is a sort of "trade-off", for it keeps the referred keys more protected/restricted whereas it gives me little chance

Re: GPF Crypto Stick vs OpenPGP Card

2010-12-03 Thread Markus Krainz
On 2010-12-03 13:21, Hauke Laging wrote:
> A first improvement would be to show the hash to be signed. Of course, you
> cannot trust the hash calculation on a potentially compromised PC but this
> would be a start for further protection (e.g. by sending the file to someone
> else and comparing t

Re: GPF Crypto Stick vs OpenPGP Card

2010-12-03 Thread Hauke Laging
On Friday 03 December 2010 09:47:27, Nils Faerber wrote:
> The non-obvious content of the transaction, what you say as "you do not
> see what you sign even on the PIN-pad" is an issue that has been
> discussed a lot of times already - yes, it is definitely an issue but
> very hard to solve. IMHO

Re: GPF Crypto Stick vs OpenPGP Card

2010-12-03 Thread Nils Faerber
On 03.12.2010 03:52, Markus Krainz wrote:
> On 2010-12-02 11:00, Łukasz Stelmach wrote:
>>> then the PIN pad becomes even more interesting.
>> I am not that paranoid to carry a full sized card reader with a PIN pad
>> with me.
>>
>
> Even with PIN-pad on a compromised computer you still have no

Re: GPF Crypto Stick vs OpenPGP Card

2010-12-03 Thread Werner Koch
On Fri, 3 Dec 2010 03:52, l...@gmx.at said:
> Even with PIN-pad on a compromised computer you still have no guarantee
> WHAT you are signing.

Right.

> My opinion is that if the computer is compromised you are lost anyway.

However your key won't become compromised and by plugging the smartcard in