Crypto device where I need to confirm every operation?
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Thu Jan 22 22:55:53 CET 2015
On Thu 2015-01-22 13:44:12 -0500, Robert J. Hansen wrote:
>> To prevent such an attack, I imagine a device where I have to
>> confirm every transaction with a simple push on a hardware button.
[...]
>
> Once you lose control of the hardware, you're done.
The attack you describe is significantly more complex and more visible
than the attack the original poster outlined.
Yes, in the long run, if you can't trust your endpoint, you can be
compromised.
But this is a game of defense in depth, and the proposed changes seem
like a useful step in raising the bar for an attacker.
--dkg
More information about the Gnupg-users
mailing list