More secure than smartcard or cryptostick against remote attacks?

refreshing at tormail.org refreshing at tormail.org
Thu Feb 7 11:03:30 CET 2013


> On 02/05/2013 01:04 PM, Peter Lebbing wrote:
>> While I agree with the broad sentiment, I'm not so sure a certain
>> amount of damage control is impossible with what he/she proposes. If
>> you have a device with small attack surface[1] that shows you the
>> plaintext you're about to sign before signing it *with that device*,
>> you can at least prevent making bogus signatures. That still means
>> you're in trouble when your PC is under control of an attacker, but
>> you can't be coerced to issue false signatures. That's certainly
>> something.
>
> If you don't trust the PC that GnuPG is running on, don't run GnuPG on
> that system.  (Or anything else that requires trust, for that matter.)

I have no reason to believe my system is compromised. Taking security very
serious. Otherwise I wouldn't bother posting here. :)

That sounds like a oxymoron. How can I be REALLY sure my system isn't
compromised? Mail clients and browsers are major attack surface and a
device exposed to internet can not be as secure as a small single purposed
device.

> It makes no sense to me to believe that it's somehow possible to have a
> dongle that you can plug into a compromised PC to make it safe (or
> safer) to sign with.

I think if designed right it works. This implies the compromised machine
can not attack the text reading and gpg signing device.

> If you believe the PC is compromised, cut it out
> of your process completely.  There is no other realistic option here
> that I can see.
>





More information about the Gnupg-users mailing list