Possible to combine smartcard PIN with key password?

adrelanos adrelanos at riseup.net
Fri Dec 27 01:41:53 CET 2013


Peter Lebbing:
> The result is that the on-disk key again adds nothing,
> because an adversary that can physically access the smartcard can also
> physically access the computer.

The latter often requires breaking into a flat or an office. While
smartcards are carried around. Breaking into a a flat/office and
installing a hardware keylogger and/or miniature camera requires much
more criminal energy than theft/robbery of a smartcard.

That is also my point. If you enough capabilities to the adversary,
anything can be broken. I only believe, the combination of unique
security advantages, which both hardware protections by smartcards and
key encryption have, leads to a combination of these advantages and thus
defeats more adversaries than not having a combination of these security
features.

> Only if you can make it more difficult to access
> the computer than to access the smartcard, will the on-disk key add anything, I
> think.

Indeed. That's a necessary assumption I didn't write down.

>> Scenario #2
>> ###########
> 
> This scenario doesn't involve additional security gained through two keys; it is
> simply the advantage of a smartcard over an on-disk key.

I believe I said that already. The Scenario #2 was only in the show that
it's worthwhile having the extra security features by smartcards.





More information about the Gnupg-users mailing list