More secure than smartcard or cryptostick against remote attacks?

[Peter Lebbing]

> *Even if your dongle works exactly as intended*, I can -- by simulating a 
> hardware failure -- drive you into a fallback where you use a compromised 
> machine.

It's a good attack. Thank you for sharing it. But to say it makes the device
bogus is a way too easy dismissal.

So if an attacker compromises the system and makes the user unable to use the
device on that system, they will react by stopping using the device, but not by
stopping using the PC? But at the same time you said earlier

> If you believe the PC is compromised, cut it out of your process completely.

I would agree with the latter. The strength of the device is that it won't issue
false signatures in the period that your PC *is* compromised but you haven't
discovered it yet!

If my crypto device suddenly stopped working, I'd investigate why and possibly
re-install the system if I can't find the culprit.

Your case of not using the smartcard isn't really completely comparable to me.
You feel the fault lies with Fedora. Re-installing from scratch doesn't fix
anything. If you thought it not unlikely that an attacker was controlling your
system and blocking the smartcard, I really doubt you'd respond by putting your
private key in your keyring on that system, right?

> Under the most generous assumption possible about your dongle ("it works 
> perfectly and exactly as intended"), your dongle still doesn't work. And 
> that, to me, is the definition of bogus.

> If under the most generous assumptions possible something still doesn't work,
> then that thing is bogus.
[1]

Nice rhetorics. In isolation, it sounds nice. In context, it is itself bogus.
I'd really appreciate it if we discuss the technical merits, and not make a
competition out of who can come up with the best rethorics. You will no doubt
win. But this isn't about winning to me, it's about academical exploration of a
topic.

Your most generous assumptions are at first "about your dongle". In the next
sentence, those same assumptions are suddenly generalised, making the statement
nice and catching. But as soon as we look at the bigger picture, your
assumptions aren't that generous.

The most important reason is that you took it as a fact that if an attacker
compromised the PC, the user would react by rewarding him with a copy of the
private key, exactly the opposite of your advice to cut the PC out of the
process. I really wouldn't call that the "most generous assumptions possible" at
all.

> Anyone who objects to this on the grounds of "well, that's a human exploit, 
> not a technological one!" will get a cream pie thrown at them.

Unfortunately no cake for me, because human exploits are obviously very real and
need to be accounted for.

This is a viable attack. It might work. Because of user misjudgement. That does
not make the device useless. A properly cautious user should no longer trust the
PC that is not accepting the device when seemingly rather identical systems do
accept it. Caution is always required when working with cryptography you rely
on, there's nothing new there. This device doesn't magically make all worries go
away.

Peter.

[1] I split the quote to emphasize the last sentence

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>