Why trust gpg4win?

Werner Koch wk at gnupg.org
Tue Sep 10 14:19:42 CEST 2013


On Tue, 10 Sep 2013 09:50, ndk.clanbo at gmail.com said:

> First error: USB is *not* a peer protocol. It's master-slave. FireWire
> is a peer protocol.

However, that is implemented by computers at boths ends and the software
there may have backdoors or explotable code which coult be used for all
kind of tricks.  Look only at the trend to use HID as simple driver-less
way to connect about anything to a computer.  Emulated keyboard which
sends ANSI control codes to take over your box without you noticing?

> You'd be exposed nearly to the same attack vectors. Plus some more (the
> ones that handle the extra layer), so you'd have to check more code.

So what about using that free USB stack for AVR's to implement a flash
device?  You would be able to audit about everything; flylogic even has
these nice pictures of the ATmega88 masks...


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




More information about the Gnupg-users mailing list