How to enable ack button functionality on FST-01sz
Werner Koch
wk at gnupg.org
Wed Jan 6 19:44:18 CET 2021
On Wed, 6 Jan 2021 15:19, Mark Debian said:
> After you insert and use your Gnuk token smartcard the gpg-agent will
> cache your password. If someone has backdoor shell access then they
No. The agent does not cacge the PIN or passphrase - this is done by
the smartcard.
> Otherwise how do you counter the threat of someone gaining backdoor
> shell access to your account? That is the threat that the smartcard
> ultimately provides the extra protection against.
You can't. The smartcard protects your key but it can't really protect
the use of the key as long as the smartcard is plugged in.
BTW, Forcing a user to enter the Admin-PIN is pretty easy. Just let the
malware use up the the PIN along with some social engineering and most
users will enter the Admin PIN to unblock the PIN...
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnuk-users/attachments/20210106/24a53aad/attachment.sig>
More information about the Gnuk-users
mailing list