Talking about Cryptodevices... which one?
2014-667rhzu3dc-lists-groups at riseup.net
Sat Feb 7 19:20:06 CET 2015
-----BEGIN PGP SIGNED MESSAGE-----
On Friday 6 February 2015 at 11:59:41 PM, in
<mid:1840536.GW9g4AXMVe at mani>, Johannes Zarl wrote:
> You're conflating two different threats here.
I was referring to the threat "the host computer might be infected
> smartcard *does* protect you from anyone trying to
> steal your private keys.
If they have control of your computer, do they really need to steal
the private keys? Maybe they can achieve their aims remotely, using
the keys in situ on the smartcard. And, of course, a smartcard is a
physical item that can be stolen.
> It does not prevent an attacker from stealing the pin.
I guess a smartcard reader that can only accept the key via its own
keypad would help here. If we can be sure it cannot be modified to
cache the PIN or accept it via the host computer.
> It does not prevent an attacker from deleting your key.
Always best practice to keep a backup. Even without foul-play it would
be needed if the smartcard was lost or broken.
> It does not prevent an attacker from tricking you into
> signing or decrypting a message.
Or making your system sign/decrypt more than one message at a time,
when you were aware of just the one?
> Under some
> circumstances it does not even protect against key-
As has already been mentioned, an "offline" main key stops this.
> Having said all that, I still think it is a worthwhile
> goal to protect the key-material itself using
> smartcard-like hardware / an HSM.
Protecting the private key material is the goal. Use of smartcard and
reader is an example of a strategy to follow in pursuit of that goal.
Use of an offline main key is another example.
> The protection
> against key-theft does radically decrease your attack
> surface in many cases.
As always, it depends on your threat model.
MFPA mailto:2014-667rhzu3dc-lists-groups at riseup.net
A candle loses nothing by lighting another candle
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
More information about the Gnupg-users