Originally posted by DrYak
View Post
Also, I see that this attack depended on decryption of a known plaintext, rather than unlocking an encrypted disk or opening a PGP encrypted email (assymetrical key opens symmetrical message key) email. The message key for a single PGP/GPG email is not a known plaintext, though the public key could be used to replace it with one. This would be an attack on encrypted email, not my hard drive. It would require predicting in advance who would sit next to me at a meeting, attacking their phone, and hoping we don't collect all the phones first-and that I actually open that email at the meeting. Counter is as simple as never using PGP or GPG in the presence of anyone else's phone, I don't own a smartphone due to CALEA so that line of attack is closed.
Leave a comment: