How secure are smartcards?

[Werner Koch]

On Fri, 29 Jul 2011 11:58, richard at r-selected.de said:

> 100.000 as a one-time investment for breaking into an unlimited number
> of OpenPGP smart cards? If I were a government, I would definitely buy

Whatever the number is, it is for each break and you have only a certain
probability so successfully read out the key.  That is why I wrote
"unless a master key scheme is used" - something which is stupid for
almost all systems.  And well, you need to get your hands on the card
first.

> Hence, one has to assume it's safer to use encrypted harddrives for
> key storage than a smartcard if one wants to protect their data from

Nope.  It is is easy to write a trojan to send the passphrase key back
to an attacker or store it somewhere on the box (e.g. RTC chip, battery
charging logic) so you can use it once you get physical control over the
box.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.