Possible to combine smartcard PIN with key password?

adrelanos adrelanos at riseup.net
Fri Dec 27 01:42:05 CET 2013


NdK:
> Il 24/12/2013 02:41, adrelanos ha scritto:
> 
>> Adversary capabilities:
>> - Can physically steal the smartcard.
>> - Capable of dismantling a smartcard to extract the key its holing.
>> [Maybe not now, but maybe in a few years the tool required to so so will
>> be available. Only making up the scenario here.]
>> - Not capable of breaking gpg's key encryption/password protection.
>> - Not capable of rubber-hose cryptanalysis.
>> - Not capable of installing a miniature camera and/or hardware keylogger.
> You're saying that he can lockpick your security door but can't break
> the glass of the window nearby...

Well, let's go through it.

>> - Can physically steal the smartcard.

A one time robbery or thief doesn't require that much skill. A hacker
conference where one steals a smartcard from a cardrader shouldn't be
that unrealistic?

>> - Capable of dismantling a smartcard to extract the key its holing.
>> [Maybe not now, but maybe in a few years the tool required to so so will
>> be available. Only making up the scenario here.]

This is the only thing I am asking to grant me here for the sake of
discussion.

>> - Not capable of breaking gpg's key encryption/password protection.

Being capable of that would be kinda big news? Either a huge
breakthrough in cracking cryptography or weakness in gpg. So not
assuming it isn't that much of a failure?

>> - Not capable of rubber-hose cryptanalysis.

That kind of capability in my opinion requires much more criminal energy
and logistics than a robbery.

>> - Not capable of installing a miniature camera and/or hardware keylogger.

That kind of capability in my opinion requires much more criminal energy
and logistics than a robbery.

> You're saying that he can lockpick your security door but can't break
> the glass of the window nearby...

I don't understand how you get to that conclusion.



More information about the Gnupg-users mailing list