Secret key storage question
Bob Luckin
bob at ti.com
Wed Jun 19 20:55:02 CEST 2002
On Wed, Jun 19, 2002 at 01:38:50PM -0400, David Shaw wrote:
> On Wed, Jun 19, 2002 at 12:14:53PM -0500, Bob Luckin wrote:
> > On Wed, Jun 19, 2002 at 09:16:39AM +0200, Arno Wagner wrote:
> > ...
> > > My personal assumption is that as soon as somebody can break
> > > into my computer without me noticing very soon or somebody gets
> > > physical access to my computer, the attacker is in. Doing
> > > keyloggers in hardware or software is not that difficult. Not
> > > arousing my suspicion is also possible to do. I would not think
> > > it needs the NSA for that.
> > >
> > > Only way around that would be encryption done on a trusted
> > > token, like a smartcard, which I would immediately miss if
> > > stolen.
> >
> > But if someone has enough access to your machine to be able to set up a
> > keylogger, then could they not equally well set up something to log the
> > data coming off / going on to the smartcard when it is read/written?
> > Then they wouldn't need to steal it.
>
> Sure, but that only gives the attacker the one message. They wouldn't
> get the secret key which gives them all messages.
If it is on the card, and they can read the card, surely they would?
Even if not, they'd get every subsequent message sent via the computer until
the attack was discovered.
Or am I missing something here?
Cheers, Bob
More information about the Gnupg-devel
mailing list