Secret key storage question

David Shaw dshaw at jabberwocky.com
Wed Jun 19 20:38:01 CEST 2002


On Wed, Jun 19, 2002 at 12:14:53PM -0500, Bob Luckin wrote:
> On Wed, Jun 19, 2002 at 09:16:39AM +0200, Arno Wagner wrote:
> ...
> > My personal assumption is that as soon as somebody can break 
> > into my computer without me noticing very soon or somebody gets 
> > physical access to my computer, the attacker is in. Doing 
> > keyloggers in hardware or software is not that difficult. Not 
> > arousing my suspicion is also possible to do. I would not think 
> > it needs the NSA for that.
> > 
> > Only way around that would be encryption done on a trusted 
> > token, like a smartcard, which I would immediately miss if
> > stolen.
> 
> But if someone has enough access to your machine to be able to set up a
> keylogger, then could they not equally well set up something to log the
> data coming off / going on to the smartcard when it is read/written ?
> Then they wouldn't need to steal it.

Sure, but that only gives the attacker the one message.  They wouldn't
get the secret key which gives them all messages.

David

-- 
   David Shaw  |  dshaw at jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson
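
A small model of the point made in the reply above, added here as an example and not part of the original message: a logger on the card interface captures the session key of each message the owner actually decrypts, but never the secret key, so other messages stay closed. Assumptions: toy textbook RSA and a SHA-256 keystream stand in for the real ciphers, and the names Token and TappedReader are hypothetical.

```python
import hashlib
import secrets

# Toy textbook RSA built from two Mersenne primes: illustration only, not secure.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # the secret key; lives only inside Token

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def encrypt(msg: bytes):
    """Sender side: fresh session key per message, wrapped to the public key."""
    k = secrets.token_bytes(16)
    return pow(int.from_bytes(k, "big"), E, N), xor_stream(k, msg)

class Token:
    """Hypothetical smartcard: unwraps session keys, never exports D."""
    def __init__(self, d: int):
        self._d = d
    def unwrap(self, wrapped: int) -> bytes:
        return pow(wrapped, self._d, N).to_bytes(16, "big")

class TappedReader:
    """Compromised host: logs everything crossing the card interface."""
    def __init__(self, token: Token):
        self.token, self.log = token, []
    def unwrap(self, wrapped: int) -> bytes:
        k = self.token.unwrap(wrapped)
        self.log.append((wrapped, k))
        return k

def demo():
    reader = TappedReader(Token(D))
    (w1, c1), (w2, c2) = encrypt(b"message one"), encrypt(b"message two")
    owner_plain = xor_stream(reader.unwrap(w1), c1)   # only message one is opened
    stolen_keys = [k for _, k in reader.log]
    leaked_one = any(xor_stream(k, c1) == b"message one" for k in stolen_keys)
    leaked_two = any(xor_stream(k, c2) == b"message two" for k in stolen_keys)
    return owner_plain, leaked_one, leaked_two

if __name__ == "__main__":
    print(demo())
```

In this model the exposure is bounded by what passes through the card while the tap is in place; a keylogger on a disk-stored key and passphrase would instead yield D itself.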



