Possible to combine smartcard PIN with key password?
adrelanos
adrelanos at riseup.net
Fri Dec 27 01:42:05 CET 2013
NdK:
> Il 24/12/2013 02:41, adrelanos ha scritto:
>
>> Adversary capabilities:
>> - Can physically steal the smartcard.
>> - Capable of dismantling a smartcard to extract the key its holing.
>> [Maybe not now, but maybe in a few years the tool required to so so will
>> be available. Only making up the scenario here.]
>> - Not capable of breaking gpg's key encryption/password protection.
>> - Not capable of rubber-hose cryptanalysis.
>> - Not capable of installing a miniature camera and/or hardware keylogger.
> You're saying that he can lockpick your security door but can't break
> the glass of the window nearby...
Well, let's go through it.
>> - Can physically steal the smartcard.
A one time robbery or thief doesn't require that much skill. A hacker
conference where one steals a smartcard from a cardrader shouldn't be
that unrealistic?
>> - Capable of dismantling a smartcard to extract the key its holing.
>> [Maybe not now, but maybe in a few years the tool required to so so will
>> be available. Only making up the scenario here.]
This is the only thing I am asking to grant me here for the sake of
discussion.
>> - Not capable of breaking gpg's key encryption/password protection.
Being capable of that would be kinda big news? Either a huge
breakthrough in cracking cryptography or weakness in gpg. So not
assuming it isn't that much of a failure?
>> - Not capable of rubber-hose cryptanalysis.
That kind of capability in my opinion requires much more criminal energy
and logistics than a robbery.
>> - Not capable of installing a miniature camera and/or hardware keylogger.
That kind of capability in my opinion requires much more criminal energy
and logistics than a robbery.
> You're saying that he can lockpick your security door but can't break
> the glass of the window nearby...
I don't understand how you get to that conclusion.
More information about the Gnupg-users
mailing list