Crypto device where I need to confirm every operation?

Faramir at
Fri Jan 23 06:29:32 CET 2015

Hash: SHA256

El 23-01-2015 a las 0:29, Robert J. Hansen escibió:
>>> Smartcards exist to keep private keys safe(r) from being
>>> stolen. They do a pretty good job of that.  But when we expect
>>> smartcards to be able to somehow make a compromised environment
>>> safe to
>> Yes, but maybe you are missing an interesting point...
> You're changing the subject slightly.  :)  The thread is about
> letting a legitimate user continue to safely use the system; you're
> talking about limiting the damage an attacker can do.  The two are
> related but different.

  Oh, yes, you are right. After all, if the attacker can "steal" a
signature, then each time we try to sign something legitimate, the
attacker may be able to hijack it and sign something we don't want to
sign, and the thing we want so sign will remain unsigned. And even if
the attacker can't hijack the signature, malware may very well hijack
the email account, etc.

> The idea might be good for damage mitigation; but for permitting 
> continued normal operation, it's IMO a non-starter on every level.

  Yes, compromised machine must be cleaned ASAP. BTW, if somebody is
willing to develope such safety device, I hope it is designed to have
a "go ahead" button to press, but not to require entering a pin-code
each time. If entering the password to unlock GPG key too often is
unpleasant, doing that in a tiny pin-pad that maybe is not in a
comfortable place would be unusable.

  Best Regards
Version: GnuPG v2
Comment: Using GnuPG with Thunderbird -


More information about the Gnupg-users mailing list