More secure than smartcard or cryptostick against remote attacks?
Robert J. Hansen
rjh at sixdemonbag.org
Thu Feb 7 15:49:32 CET 2013
On 02/07/2013 08:14 AM, Peter Lebbing wrote:
> So if an attacker compromises the system and makes the user unable to
> use the device on that system, they will react by stopping using the
> device, but not by stopping using the PC? But at the same time you
> said earlier...
Yes, I did. A good compromise is one that leaves the victim unaware the
machine has been compromised. If you-the-user see evidence that makes
you think you've lost control, the compromise author has failed. (Note
that this isn't true for a lot of malware nowadays, where the hijacker
literally doesn't care if you notice and instead trusts in your
inability to do anything about it: but that's not the kind of malware
we're talking about here, where we're assuming someone who has
compromised your system explicitly for purposes of hijacking your GnuPG
> If my crypto device suddenly stopped working, I'd investigate why and
> possibly re-install the system if I can't find the culprit.
Then I re-compromise your box and start over. I also plant a couple of
messages on message boards you frequent talking about how my dongle, of
the same model number as yours, doesn't work with my Linux distro, of
the same kind as yours, since a recent kernel upgrade. Since I have
your machine compromised I know what sources you check for these things,
and the dark side of crowdsourcing is how easy it is to give strategic
misinformation to people.
At some point you're going to believe the problem is the device doesn't
work. I might also deliver to you a high-priority message, something
that needs a signed response urgently, in order to give you another
reason to disregard the device for "just this once."
> If you thought it not unlikely that an attacker was controlling your
> system and blocking the smartcard, I really doubt you'd respond by
> putting your private key in your keyring on that system, right?
No, quite the opposite. Vint Cerf estimated a few years ago that one in
five desktop PCs was rooted and the owners didn't know it. One in five.
That's a really scary number.
Anyone on this list who thinks they couldn't possibly be part of that
one in five is living in a fantasy world. Any of us could be.
Now, I haven't seen evidence to suggest that my machine is compromised.
But that doesn't mean I have limitless confidence in my hardware. My
desktop PC is trusted hardware in the most classic definition of
trusted: I trust it because I have to, not because I believe it's
deserving of trust.
> But this isn't about winning to me, it's about academical exploration
> of a topic.
And that's the entire methodology I'd use to exploit your perfect
dongle. Those who view things only academically tend to fall down and
go boom when confronted with real-world attacks on the human side of the
system. Those who view things only as human interactions tend to fall
down and go boom when the math works against them. This is the sort of
thing that must be looked at from both directions simultaneously.
> The most important reason is that you took it as a fact that if an
> attacker compromised the PC, the user would react by rewarding him
> with a copy of the private key, exactly the opposite of your advice
> to cut the PC out of the process. I really wouldn't call that the
> "most generous assumptions possible" at all.
Sure. Because if I give you any clue that the machine is compromised,
I've failed to write a good compromise. I'm assuming for sake of
argument that I'm competent at skulduggery.
> A properly cautious user should no longer trust the PC that is not
> accepting the device when seemingly rather identical systems do
> accept it.
Which is why I would seed the forums you use with reports of these
devices not working.
More information about the Gnupg-users