Old PC as Hardware Security Module?
groups at caseyljones.net
Tue May 15 08:01:54 CEST 2007
Werner Koch wrote:
> On Mon, 14 May 2007 16:15, groups at caseyljones.net said:
>> Why doesn't it make sense? The chip's security features make it fairly
>> secure. But having the keys encrypted on the card would make it highly
>> secure. As long as the passphrase hadn't been captured, like after being
> No, you are required to remember a long passphrase and use it all the
> time. The advantage of a PIN is that it is easy to remember (well, even
> the 6 digits are too many for many people). Security is a tradeoff here
> between usability and semi-paranoia.
I thought most people kept their private keys encrypted with a long
passphrase on their hard drives anyway. Since memorizing a 128-bit
decimal passphrase would be impractical, I envision entering the
passphrase on your keyboard, which would be sent to the card to decrypt
the key, then entering a short PIN on the PIN pad as well. If someone
had already rooted your computer before physically stealing your card,
then you would be defeated.
But it seems to me there is a small but significant possibility of
situations where someone hostile might get possession of your card but
not have rooted your computer. Your card might be confiscated at a
border crossing for example. Or you might get arrested by mistake or for
something minor, and lose possession of your card for a while. A lot of
governments might be able to trivially crack smart card security. The
local police might overnight it to the feds for a quick key extraction.
Organized criminals might have no problem cracking it either. A
pickpocket might sell it to some mobsters for industrial espionage or to
ransom back to you.
> If on the other side you really have these strong security demands, you
> need to define your whole working process very tightly. The smart card
> will be just a very small piece of the whole story.
Encrypting the key on card seems to me like a minor inconvenience for a
significant security enhancement. I'd say it's worthwhile even for a low
>> Can the person who loads the software onto the cards be given orders by
>> the German court?
> No, that is ridiculous. The vendor does not know who will buy the card
> and no court is able to demand that all cards are to be bugged.
Apparently every copy of the JAP was modified. Why not every BasicCard
or every OpenPGP Card, in order to target a single individual?
>> According to this article
>> it was mandated by the courts.
> IIRC, the prosecution office asked for the data and not a court. For
> whatever reasons the JAP folks at the Dresden university decided that
> they want to help them. There was no actual need.
"the ICPP received a judicial instruction
by the Local Court (Amtsgericht) Frankfurt
/ Main, Germany, by which the collaborators
of the research project AN.ON were bound
to record all access to a particular IP address"
Were they forced, or did they lie, or what? How did their appeal go?
>>> That is basically the same as with a TOR server: It is
>>> possible to log things to help the prosecution but no sane person would
>>> do this.
>> Are the authors of the Java Anonymous Proxy not sane? If they would do
>> it, why not ZeitControl?
> Indeed, adding a logging feature and using it for more than debugging is
> IMHO insane.
I don't think that qualifies as insane. You may have a misunderstanding
of the definition of the word insane or perhaps you're just
exaggerating. But even if it is insane, if the JAP developers are that
insane, why not ZeitControl also?
> Regarding the Zeitcontrol OS used by the card: I have no
> idea whether they log things. But I have enough reasons to believe they
> don't: Where should it be saved, what subliminal channels are they using
The only advantage of the smart card is that it makes extraction of the
private key impractical (hopefully). Therefore an embedded exploit would
probably be just an alternative master PIN and a way to dump the memory.
> and how would they make money with such a feature.
The developers of open source privacy software are probably generally
highly resistant to the compromise of their work. And if the exploit is
revealed, they probably won't lose their job or company. But a company
would probably be much more motivated to keep such a court order secret,
for fear of having their business ruined if they should be found out. If
the software is closed source, there's a good chance they could keep it
> Have you also asked the card reader vendors whether they have a
> backdoor? Or the firmware of your old PC, or....?
That's a serious concern. Especially for machines made in China and some
other places. The only small comfort I used to have was that I thought
governments wouldn't risk ruining their software and electronics
industry by forcing them to implant such things. But amazingly Germany
seems willing to do this. It's one thing for the government itself to
put bugs in only the items used by their targets, but to force others to
install secret compromises in every item released, casts doubt on all
the products of the entire nation. I would think that the software
manufacturers would insist on a law being made to say that the
government couldn't force developers to participate in such secret
exploits. A strong and clear ruling by the courts might be sufficient.
>> What will you do if the court orders you to turn on logging, hand over
>> the logs, and keep it secret?
> I would shut down the service of course.
> But they can't demand that. This is a service designed for routing
> packets in the Internet and as such explicitly excluded by the
> wiretapping laws.
I was wondering what you would do if the government required you to
secretly log passphrases in gpg, or implant some other compromise. You
say that you would go to jail before complying with the court order? I
have no reason to doubt your integrity personally, I expect that you are
an honorable person. But how can we be confident? Luckily gpg is open
source, so we can verify for ourselves. Unfortunately the OpenPGP Card