[PATCH] Fix typo in scdaemon reload command doc
gniibe at fsij.org
Fri Oct 12 03:13:05 CEST 2018
Simon Josefsson <simon at josefsson.org> writes:
> Is there any freedom/privacy/security advantage with the FST-01G
> compared to Tomu?
Well, I don't deny Tomu in a way of comparison, in public.
Instead, let me explain my points.
In my own opinion, a token should be easy to be removed off from host
The smaller the token is, the better... but not that smaller, when we
assume bringing it independently.
The background of FST-01SZ (to be smaller) is that there can be an
attack to USB-A connector, which is considered somehow practical now.
Adversary can put malicious chip to enable MiTM attack inside USB-A
connector. <--- using a technology which enables Tomu!
One of Gnuk Token users uses magnetic USB, so that his token can be
easily removed off. This idea can be extended to make better token
hardware, if we can assume a use case where a user permanently puts
adopter on host computer(s), and only bringing smaller token. But...
this might make distribution more difficult, since magnet is not allowed
in a usual parcel, I'm afraid.
And... if the adopter is permanently on host computer, it is difficult
for a user when it is attacked (replaced by malicous MiTM version).
When you permanently put your private key on your host computer, TPM
module would be your choice, if there were free implementation.
Unfortunately, I don't know such an implementation, but reverse
engineering against proprietary implementation would be possible.
More information about the Gnuk-users