GPF Crypto Stick vs OpenPGP Card

Hauke Laging mailinglisten at hauke-laging.de
Fri Dec 10 01:03:58 CET 2010


Am Montag 06 Dezember 2010 20:21:36 schrieb Marcio B. Jr.:

Sorry, spam filter...

> Hello,
> sorry for this insistence. I just want to get it clearly.
> 
> So, you mean those devices certainly protect information better than a
> regular computer (even if making proper use of disk encryption
> software)?

In general that is correct. In detail that depends on the kind of attack and 
the computer usage.

If the computer has a network connection with not completely secure systems 
then the discussion ends at that point. Disk encryption does not protect 
against online attacks. With regard to every normal PC a smartcard is the 
better solution.

You need a hardware attack in order to get keys out of a smartcard. If you can 
spend millions of dollars for that then it's possible.

If you have an offline PC which never runs complex software with data from 
outside then disk encryption can be even safer than a smartcard. If the 
integrity of the hardware is not an issue and only obvious attacks are an 
issue (stealing and siezing) then only software attacks against the disk 
encryption are possible which can easily be made as hard as the key itself 
(making an attack a waste of time, no matter how much money you throw at it).

But can you be sure that this is the only kind of attack? ;-)  It would 
usually be much cheaper to get access to the system and manipulate the 
hardware, with a hardware keylogger e.g. than to get a key out of a smartcard.


Hauke
-- 
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 555 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20101210/81eb71d2/attachment-0001.pgp>


More information about the Gnupg-users mailing list