More secure than smartcard or cryptostick against remote attacks?

refreshing at tormail.org refreshing at tormail.org
Thu Feb 7 11:14:30 CET 2013


> On 06/02/13 02:49, Robert J. Hansen wrote:
>> It makes no sense to me to believe that it's somehow possible to have a
>> dongle that you can plug into a compromised PC to make it safe (or
>> safer) to sign with.
>
> Can you explain (broadly) how one would compromise the signature/the
> device that
> you sign with?
>
> I myself always say "if you don't control your own PC, it's over". I don't
> see
> however how that compromised PC in this instance can force me to do false
> signatures, which is the context I'm placing it in.
>
> You're still majorly screwed, obviously. An attacker will easily come up
> with
> some other nasty thing to do to you. Just not issuing false signatures.
>
> Peter.
>

Can't say better than that.





More information about the Gnupg-users mailing list