AW: Smartcard Support, open system security, law,( certificate sig removed)
Thu Aug 21 18:52:02 2003
-----BEGIN PGP SIGNED MESSAGE-----
> -----Ursprungliche Nachricht-----
> Von: email@example.com [mailto:firstname.lastname@example.org]Im
> Auftrag von Werner Koch
> Gesendet: Donnerstag, 21. August 2003 17:55
> An: email@example.com
> Cc: firstname.lastname@example.org; email@example.com
> Betreff: Re: Smartcard Support, open system security, law,( certificate
> sig removed)
> On Thu, 21 Aug 2003 16:56:10 +0200, thomas schorpp said:
> > im against and dont like using smartcards due to certain
> security flaws with
> > its whole system:
> It has been said at least 42 times: What constitutes a security flaw
> depends on your threat model. So before you talk about it, define
> your threat model.
why? there are enough known side-channels to attack. take a good look at the
pay-tv, moneycard hacker scene...
> > - it makes no sense to protect and provide electronic signatures with
> > strong algorithms and then using weak smartcard pins of 4-6
> decimal digits,
> > this would be the way of the german signature law (SigG) and
> its well known
> > providers regtp (the old bundespost), bmi, tuvit, d-trust...
> The PIN is simply a countermeasure to increase the time window you
> have to relalise that your card has been stolen/abused, to create a
> revocation and distribute that. That's all a PIN is good for.
> Similar for GnuPG's passphrase. Nobody expects any strong security in
> a PIN.
no. i dont agree. the pin protects my electronic signature itsself in a
if it would not be so, we could trash the whole thing.
this is the ec bankcard and creditcard problem.
> > - the cards and its commercial systems will be hacked, loosed,
> > pin-compromised faster than you think.
> Please define commercial system - I guess you mean proprietary system.
> All what you describe above constitutes local attacks requiring
> physical access to the card or reader. There is not much one can do
> about it except for plain old phsical security diligence.
not a problem finding a lost smartcard if they spread next years.
> A smartcard protects very well against any remote key compromise
> attack. It can't protect you from malicious software on the host,
no it wont, search the internet for well documented attacks, a open SW/HW
source box would be much stronger.
insulated debian (embedded) linux...?
> > - the reasonable use of smartcards to protect data requires
> protecting the
> > pin in a encrypted file using a strong passphrase in brain only
> and never to
> This won't help. The box you are using to keep the encrypted file may
> already run malicious software.
the commercial sources YOU prefer to trust here would indeed! (NSAKeys,
a open SW/HW source box would be much stronger.
insulated debian (embedded) linux...?
> > for such a project we need not only open software, we would need OPEN
> > HARDWARE systems of intelligent mobile devices (a stupid smartcard or
> > usb-stick isnt that way), too.
> I don't know what you mean by open hardware? Hardware is entirely
> different from software because you can't build it at home from a
> piece of silicon and copying is is not of near-zero cost. Of course,
> I'd like to see free designs of chips, so that you can take the design
> to any fab and have them produce N of those chips. This is an
> expensive task and those chips won't be as cheap as we are used to -
> getting the critical mass to make the production cheaper is far harder
> than with software.
i expect at least only devices with the most open specs more than just
mentioning ISO's to adopt here.
> For many application domains a smartcard is a thing you want to
> have. For example: The key I use to sign GnuPG is on some box which is
> somehow connected to the net and thus this key is a possible target
> for an attack. I would feel much safer with that key on a smartcard
> with an integrated signature counter and only used in the few seconds
> every once in a while while signing a package. Then, it will be much
> harder to trick my box into signing something without my attention.
a-ah, so-so :)) AND ONE WANT TO HAVE IT FROM YOUR INC G10, dont he/she?
all marketing bla-bla (vertrieblergewasch) :[
no, i wont trust this concept for the above mentioned reasons.
> Well, there is still the question whether the right thing has been
> signed but a malicious signature will be detected very shortly after
> it. The real problem is how to assure that the source has not been
> tampered with - I review the diffs before a stable release - but that
> is a boring task and prone to errors. Hopefully others are watching
> the code too.
hopefully some cryptanalysis guys and many (freedom of information) hackers.
> > besides, our open sytems should include the ability to handle the TWO
> > personals needs of a todays electronic individual or
> organisation (juristic
> > persons): we need 2 personal signature/encryption keys/certificates, one
> The OpenPGP smartcard comes with thre keys: Signing (useful digital
> signatures), encryption and authentication (ssh, pam).
you didnt understand. read again, please. we must include lawful signatures
in nearer future.
> > microsoft WOULD lead in the future. gnupg is therefor funded in
> part by the
> > german ministry of economics to adopt later in civil "government"(?). so
> [ It is a long long time ago that we received some funds. The
> development is for ~95% done without any financial support. You can
> change this of course, see for example:
> http://g10code.com/products.html#maintpoints ]
i wont buy nothing :]
> Werner Koch <firstname.lastname@example.org>
> The GnuPG Experts http://g10code.com
> Free Software Foundation Europe
Gnupg-users mailing list
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (MingW32) - WinPT 0.7.96
-----END PGP SIGNATURE-----