Any future for the Crypto Stick?

NdK ndk.clanbo at
Tue Dec 3 17:59:53 CET 2013

On 03/12/2013 15:30, Mark H. Wood wrote:

> I wonder how feasible that really is.  The system surrounding the card
> is not under control of the card's manufacturer or anyone who might
> have corrupted him.  All it takes is one knowledgeable person watching
> the data stream for interesting anomalies, and you have given the game
> away.  The cost, as we've recently seen, could be considerable.

Unless the exploit could be categorised as "bug". Like the power glitch
that allows clearing fuses in some PICs (advertised as secure chips, at
the time... now they're saying it's secure unless operated outside
nominal values) w/o wiping the rest of the memory.

This way you'd have to use a non-standard reader to introduce a specific
error. Or, maybe, a protection layer that fails if frozen before
exposing it to oxygen, allowing the attacker to successfully decap the
chip before it self-erases.

There are simply too many attack vectors to say the evaluation considers
'em all. It needs to stop somewhere saying "this chip is secure against
these attacks" since it can't say "it's secure against any attack you
could think of". And/or it places a budget limit on the attack: if it
costs more than that, the attack is worthless.

I've seen this tradeoff while studying openalarm, a (wannabe, still in
its early stages) burglar alarm system scalable from garage to bank: as
long as you can trust a producer and an installer, it's quite easy and
anything will do (if you need to protect your personal mail from your
nosy boss, FST-01 is more than enough). If you can't, you need
exponentially more resources to be able to pinpoint the black hat, be it
the producer of a node, of one of the management systems or the
installer trying to slip a backdoor in.

If you don't/can't trust a single smartcard manufacturer, you'd need to
use at least four (if you need to be able to say who is the misbehaving
one -- byzantine generals problem in case of 3 with one misbehaving agent).

So, for the vast majority of uses, the solution might be non-technical:
use a certified Common Criteria card and make sure to have evidence that
if the key is leaked then that certification is bogus. Quite unlikely
the NSA will reveal having a backdoor just to arrest *you* :)

