OpenPGP Card source

Werner Koch wk at gnupg.org
Fri Mar 4 09:52:22 CET 2011


On Thu,  3 Mar 2011 20:44, david at systemoverlord.com said:

> I suppose this begs the question -- since the card has access to raw
> keys, how confident can we be that no back doors exist in the card?

We can't.

However, we can't be confident about our general purpose CPUs either.  A
few hundred gates out of hundred of millions should be enough to peep at
the code and leak key data.  The damage done to the vendors in case such
a backdoor is found might be different to a backdoor found in a security
chip.

In my threat model the most likely attacks are exploitable vulnerability
in standard software.  Creating such exploits is much cheaper and more
stealth than a backdoor in a mass market chip.  A smartcard is a
reasonable protection against such exploits - at least you key will not
be compromised in case the host box has been compromised.


Salam-Shalom,

   Werner


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




More information about the Gnupg-users mailing list