More secure than smartcard or cryptostick against remote attacks?

Thu Feb 7 15:26:56 CET 2013

On Thursday 07 of February 2013 14:14:44 Peter Lebbing wrote:
> > *Even if your dongle works exactly as intended*, I can -- by simulating a
> > hardware failure -- drive you into a fallback where you use a compromised
> > machine.
> 
> It's a good attack. Thank you for sharing it. But to say it makes the device
> bogus is a way too easy dismissal.
> 
> So if an attacker compromises the system and makes the user unable to use
> the device on that system, they will react by stopping using the device,
> but not by stopping using the PC? But at the same time you said earlier
> 
> > If you believe the PC is compromised, cut it out of your process
> > completely.
> I would agree with the latter. The strength of the device is that it won't
> issue false signatures in the period that your PC *is* compromised but you
> haven't discovered it yet!
> 
> If my crypto device suddenly stopped working, I'd investigate why and
> possibly re-install the system if I can't find the culprit.
> 
> Your case of not using the smartcard isn't really completely comparable to
> me. You feel the fault lies with Fedora. Re-installing from scratch doesn't
> fix anything. If you thought it not unlikely that an attacker was
> controlling your system and blocking the smartcard, I really doubt you'd
> respond by putting your private key in your keyring on that system, right?
> 
> > Under the most generous assumption possible about your dongle ("it works
> > perfectly and exactly as intended"), your dongle still doesn't work. And
> > that, to me, is the definition of bogus.
> > 
> > If under the most generous assumptions possible something still doesn't
> > work, then that thing is bogus.
> 
> [1]
> 
> Nice rhetorics. In isolation, it sounds nice. In context, it is itself
> bogus. I'd really appreciate it if we discuss the technical merits, and not
> make a competition out of who can come up with the best rethorics. You will
> no doubt win. But this isn't about winning to me, it's about academical
> exploration of a topic.
> 
> Your most generous assumptions are at first "about your dongle". In the next
> sentence, those same assumptions are suddenly generalised, making the
> statement nice and catching. But as soon as we look at the bigger picture,
> your assumptions aren't that generous.
> 
> The most important reason is that you took it as a fact that if an attacker
> compromised the PC, the user would react by rewarding him with a copy of the
> private key, exactly the opposite of your advice to cut the PC out of the
> process. I really wouldn't call that the "most generous assumptions
> possible" at all.
> 

In a world where software and hardware usually *has* bugs it's more likely 
that the dongle stopped working because of bugs, not because I'm under attack.

Especially if we're talking about the "usual use case", I doubt even bigger 
companies that use GPG review all the patches and test them individially, let 
alone individuals.

The usual response in this kind of situation is "let me do my damn work 
already" not "hmm, interesting, let's diagnose the issue, other projects be 
damned". Honestly, I'd probably fall victim to such an attack, and IMNSHO I'm 
a bit more knowledgable about crypto and security that regular users of GPG. 
I'm afraid that this kind of attack would be only unsuccessful against GPG 
developers or developers close to the GPG project (basically only the people 
that would have the means, knowledge and time to bisect the issue).

Regards,
-- 
Hubert Kario
QBS - Quality Business Software
02-656 Warszawa, ul. Ksawerów 30/85
tel. +48 (22) 646-61-51, 646-74-24
www.qbs.com.pl