Re: Smart card

2017-04-08 Thread Mike Gerwitz
is, but my Nitrokey survived a wash and the majority of a dry cycle unscathed. I've never run into the basement so quickly in my life when I realized what I had done. -- Mike Gerwitz Free Software Hacker+Activist | GNU Maintainer & Volunteer GPG: D6E9 B930 028A 6C38 F43B 23

Re: Smart card

2017-04-08 Thread Mike Gerwitz
's stored in one of two locations that cannot be accessed without being seen and felt. -- Mike Gerwitz Free Software Hacker+Activist | GNU Maintainer & Volunteer GPG: D6E9 B930 028A 6C38 F43B 2388 FEF6 3574 5E6F 6D05 https://mikegerwitz.com

Re: Smart card

2017-04-09 Thread Mike Gerwitz
hat have made their way into pentesting frameworks with a click-to-pwn usability level. Do I think Mickens is going to stand there and tell Karen Sandler that she shouldn't give a care about the security of her pacemaker because someone can season her cup of noodles with uranium? No,

Re: Smart card

2017-04-09 Thread Mike Gerwitz
a smartcard to be essential. Otherwise, the user is just furthering her risk of compromise. Key safety is still important. But again, that's assuming that Eve/Mallory _exist_. With my original argument: they may not. The average user is far more likely to get some ran

Re: Smart card

2017-04-09 Thread Mike Gerwitz
use of my smartcard sometimes initiates discussion. And sometimes people use GPG simply because they want to be able to use a smartcard for something like SSH.

Re: Smart card

2017-04-10 Thread Mike Gerwitz
nals, don't click on herbal Viagra ads" and "Mossad, magical amulets". The original conversation into which you pasted that quote wasn't talking about Mossad (unless I missed something).

Re: Smart card

2017-04-10 Thread Mike Gerwitz
tlenecks that increase the cost/risk of an attack possibly to the point that it's not worth carrying out. That's also a driver behind a lot of the legislation/laws we see under the guise of protection against terrorism and "going dark"---if you can't beat 'em, make th

Re: FAQ and GNU

2017-10-10 Thread Mike Gerwitz
rating system, "GNU/Linux" should be used. Please see: https://www.gnu.org/prep/maintain/maintain.html#GNU-and-Linux

Re: FAQ and GNU

2017-10-10 Thread Mike Gerwitz
On Tue, Oct 10, 2017 at 18:03:52 +0200, Leo Gaspard wrote:
> On 10/10/2017 03:13 PM, Mike Gerwitz wrote:
>> On Mon, Oct 09, 2017 at 22:06:17 -0400, Robert J. Hansen wrote:
>>> A request has been made that each instance of "Linux" in the FAQ be
>>> replaced with

Re: FAQ and GNU

2017-10-10 Thread Mike Gerwitz
On Tue, Oct 10, 2017 at 12:37:15 -0300, Duane Whitty wrote:
> On 17-10-10 10:13 AM, Mike Gerwitz wrote:
>> GnuPG is part of the GNU operating system. Anywhere "Linux" is
>> used to describe the GNU/Linux operating system, "GNU/Linux" should
>> be used.

Re: FAQ and GNU

2017-10-10 Thread Mike Gerwitz
On Tue, Oct 10, 2017 at 17:56:05 +0100, Andrew Gallagher wrote:
> On 10/10/17 17:33, Mike Gerwitz wrote:
>> Not promoting its own ideals is working contrary to its goals.
>
> There is nothing in the GPL that requires one to be an evangelist. If
> the FAQ is incorrect or misleadin

Re: Enforcing password complexity for private keys

2019-05-03 Thread Mike Gerwitz
commits, and I'll sign sometimes dozens of times per day, with forced pinentry. I'm not suggesting that RSA be used instead of ECC; my token just doesn't support it. But newer Nitrokeys do. I'll likely switch eventually.

Re: What are some threats against which OpenPGP smartcards are useful?

2020-01-07 Thread Mike Gerwitz
I know how long the light on the smartcard should be on for and watch it the entire time. I never allow the card to be out of my view when connected to a system. Of course, there's also the risk that someone has physically tampered with the smartcard to suppress the LED under certain circumst

Re: What are some threats against which OpenPGP smartcards are useful?

2020-01-07 Thread Mike Gerwitz
er, or there's a security camera in the distance, an audio recording of your keypresses, or _anything_ that reduces the keyspace of your passphrase, then an attacker can brute force the rest offline forever using an old copy of your key, and there's nothing you can do about it.