The paper seems to describe a process where only the public key has to be on the "spied upon" machine. Everybody can get access to almost everybody's public PGP key.
Does this mean that all RSA PGP / GPG keys can be compromised using this method, even if one keeps the secret key on a computer with only a floppy drive (to get the data which will be decrypted onto the machine) and no connection to any kind of network (ideally...)?
Is it really this scary, or do they in fact need to spy on the machine with the secret key on it?
From the paper, it sounds as though the attack only relies on the public key.
Does this mean that all PGP / GPG secret keys can be compromised this way?
Why do people trust complex programs with colorful symbols and logos more than a simple Linux command, where you know what is going on?