Discussion:
I think you are making a good point though, which is that we are talking about physical security (of your environment) rather than computational complexity. Still, securing your entire perimeter before decrypting/reading your messages rather than just 25% of it doesn't strike me as that big a deal. Certainly more of a pain, but if you were already verifying that no one had sight lines to your screen (even via telescope from a building 100s of metres away), I see this as only a relatively small "quantity" change rather than an actual "quality" change. It changes the physical envelope that must be secured and how it must be secured, but doesn't change the fact that such an envelope exists nor does it dramatically change its size (compared to the shoulder surfing threat). Actually, given that they only managed 4 metres with a parabolic microphone vs. probably 100s of metres via telescope, it seems even less of a big deal to me.

Oh, one other thing. This compromises your key rather than a particular message (shoulder surfing) which is worse than any one message. Of course, if someone is shoulder surfing you, they can probably recover your passphrase from viewing your keystrokes anyway. At that point, they only need to get a copy of your encrypted private key. Since it is encrypted, many people probably don't worry about it as much as they should. Those people who only decrypt their messages inside a Faraday cage might need to beef up their acoustic dampening as well.

Then jump to the next possibility. Laptops by their nature are mobile devices so if I have a known NSA employee who boards the train every day who sits in the very last car with his back facing the tail end of the train. Then from his laptop VPNs into the office to get a jump start on his day. In your world he has zero to worry about other than what happens to the train.

Unless he checks the wall behind him for hidden cameras every time he sits down, he was never safe. Given that regular a pattern, I would assume that is what any attacker would do.

I'm not saying that it isn't interesting, but it is not a sky is falling result.