Why trust gpg4win?
Werner Koch
wk at gnupg.org
Mon Oct 28 18:58:11 CET 2013
On Tue, 10 Sep 2013 15:18, ndk.clanbo at gmail.com said:
>> way to connect about anything to a computer. Emulated keyboard which
>> sends ANSI control codes to take over your box without you noticing?
> Uh? "Whithout you noticing"? For sure you know more than me, but to my
> knowledge an USB keyboard only sends key scan-codes (not ANSI sequences,
> that's why you need to set the keyboard language). And if you have an
And that key strokes may for example represent
"<Alt-F2> ping -c1 SOMEHOST; exit" and the attacker will know the time
you inserted the USB stick. Now start doing some real thing.
> Pete proposed to use an USB-to-Serial interface to avoid attacks against
> the USB stack on the PC. Why should an AVR be used to implement a flash
> device?
Because you wrote the USB stack and thus it is trustworthy.
Implementing a backdoor in the AVR proper to detect the use of such a
free software USB stack and subvert it would be much harder than to
implement something into a closed source USB stack.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the Gnupg-users
mailing list