Crypto device where I need to confirm every operation?

Sandeep Murthy s.murthy at mykolab.com
Fri Jan 23 02:55:18 CET 2015 

> That's not what the original poster was positing, though: the original
> poster was positing *someone else* had complete control -- and trying to
> make a system that works in that environment is a fool's errand.


I was referring to exactly that - *somebody else* having "complete
control" over your hardware, remotely.  There are degrees of that,
and it just seems like an uninteresting abstraction here - what does it
look like?

The original question was:

>> I currently use GnuPG with an OpenPGP Card V2.0 in a smart card reader
>> with PIN pad.
>> 
>> However, there is one attack which I think could be easily
>> prevented: With the card in the reader, the PIN entered, and
>> Eve having remote access to my machine, she could sign and
>> decrypt documents.
>> 
>> To prevent such an attack, I imagine a device where I have to confirm
>> every transaction with a simple push on a hardware button.

An even simpler solution would be to disable all remote sharing
services via the OS.  What else does remote access mean?  After
Shellshock anyone with a Unix like OS enabling such services, e.g.
like SFTP or SSH, is recommended to either upgrade their Bash shell, or
turn off these services completely, which is easy to do.

Sandeep Murthy
s.murthy at mykolab.com

> On 22 Jan 2015, at 23:37, Robert J. Hansen <rjh at sixdemonbag.org> wrote:
> 
>> There are degrees of “control over your hardware” and complete
>> control hardware is rarely going to happen.
> 
> That's not what the original poster was positing, though: the original
> poster was positing *someone else* had complete control -- and trying to
> make a system that works in that environment is a fool's errand.
> 
>> then we are all compromised, so why are we even bothering to use
>> tools like GnuPG...
> 
> Excellent question.  Vint Cerf has said that in his estimate one of five
> desktop PCs is completely pwn3d by malware.  We don't pay enough
> attention to that.  We tend to assume the security of the endpoints, and
> that's simply not a supportable assumption nowadays.
> 
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 873 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: </pipermail/attachments/20150123/20a4b575/attachment.sig>

More information about the Gnupg-users mailing list