Secret key storage question
David Shaw
dshaw at jabberwocky.com
Wed Jun 19 20:38:01 CEST 2002
On Wed, Jun 19, 2002 at 12:14:53PM -0500, Bob Luckin wrote:
> On Wed, Jun 19, 2002 at 09:16:39AM +0200, Arno Wagner wrote:
> ...
> > My personal assumption is that as soon as somebody can break
> > into my computer without me noticing very soon or somebody gets
> > physical access to my computer, the attacker is in. Doing
> > keyloggers in hardware or software is not that difficult. Not
> > arousing my suspicion is also possible to do. I would not think
> > it needs the NSA for that.
> >
> > Only way around that would be encryption done on a trusted
> > token, like a smartcard, which I would immediately miss if
> > stolen.
>
> But if someone has enough access to your machine to be able to set up a
> keylogger, then could they not equally well set up something to log the
> data coming off / going on to the smartcard when it is read/written?
> Then they wouldn't need to steal it.
Sure, but that only gives the attacker the one message. They wouldn't
get the secret key which gives them all messages.
David
--
David Shaw | dshaw at jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson