Secret key storage question
Bob Luckin
bob at ti.com
Wed Jun 19 20:14:01 CEST 2002
On Wed, Jun 19, 2002 at 09:16:39AM +0200, Arno Wagner wrote:
...
> My personal assumption is that as soon as somebody can break
> into my computer without me noticing very soon or somebody gets
> physical access to my computer, the attacker is in. Doing
> keyloggers in hardware or software is not that difficult. Not
> araising my suspicion is also possible to do. I would not think
> it needs the NSA for that.
>
> Only way around that would be encryption doen on a trusted
> token, like a smartcard, which I would immediately miss if
> stolen.
But if someone has enough access to your machine to be able to setup a
keylogger, then could they not equally well set up something to log the
data coming off / going on to the smartcard when it is read/written ?
Then they wouldn't need to steal it.
Cheers, Bob
More information about the Gnupg-devel
mailing list