Why trust gpg4win?

NdK ndk.clanbo at gmail.com
Tue Sep 10 09:50:04 CEST 2013


Il 10/09/2013 00:29, Pete Stephenson ha scritto:

>> USB is a peer protocol.  There's an astonishing amount of computational
>> power on both sides of that USB cable.  Protocol negotiation is complex.
>>  Put it all together and you get a peer-to-peer protocol which you
>> *cannot* secure because (a) there are too many computational resources
>> available to an attacker and (b) the protocol itself is too complicated
>> and there are many ways a malicious token could compromise the remote
>> system even without autoplay installed.
I strongly disagree here.
First error: USB is *not* a peer protocol. It's master-slave. FireWire
is a peer protocol.

> I'm sure we've all seen serial-to-USB adapters. Now I wonder if it'd
> be possible to do something in reverse: USB-to-serial.
[...]
> Is such a thing even possible?
Possible yes. Useful no.
You'd be exposed nearly to the same attack vectors. Plus some more (the
ones that handle the extra layer), so you'd have to check more code.

BYtE,
 Diego.



More information about the Gnupg-users mailing list