Crypto Stick vs Smart Card Reader /w Pin Pad

[Paul R. Ramer]

On August 29, 2014 11:37:27 AM PDT, Jonathan Brown <jonbrownmasterit at gmail.com> wrote:
>Is the crypto stick which is fully open source and open hardware more
>secure than a Gemalto smart card reader with pin pad built in? Which of
>these would make you more of a hard target and increase security.

I would say that they are both good tools for separating the secret keys from the computer.  I have both kinds.  The great thing about the Crypto Stick is that it combines the card reader with the OpenPGP card in one discrete package and uses free software and has open specifications.

As for the smartcard reader with a PIN pad, the advantage to that is that you can use different smartcards with the same reader, and the PIN pad allows you to keep the PIN separate from the computer. Now some would argue that the advantage of this is that it keeps the PIN safe from compromise by a keylogger, which is true. But if your computer is compromised, the *only* thing that may be safe is your PIN and your smartcard. Beyond that you are screwed.

I believe that both are good options and not very different where security is concerned (other than, say, the openness of the hardware specification).  I would recommend you pick the one that will work best for you based on how you operate and how you will use your keys and your computer.

Cheers,

-Paul


--
PGP: 3DB6D884