Talking about Cryptodevices... which one?

[Matthias-Christian Ott]

On 2015-01-23 21:31, Werner Koch wrote:
> On Fri, 23 Jan 2015 12:19, felix.klee at inka.de said:
> 
>>   * There will be a new batch of cards, with the same functionality but
>>     updated print: On the back of the current cards, it says “RSA with
>>     up to 3072 bit” when in fact the cards support up to 4096 bit.
> 
> The code for the card and the specs will also have some minor updates.
> This has been done mostly on requests from the Nitrokey (aka
> CryptoStick) folks.  Nothing to worry about.  Achim already send me the
> specs and I will put them online soon.
> 
>> As for the reader, I got a Reiner SCT cyberJack RFID standard. The RFID
> 
> If you do not use Windows I would strongly advise against Rainer
> products.
> 
> I never achieved to make them work for me, requests for technical
> support were never answered, all requests for a sample were rejected or
> they quoted unacceptable prices.  Further, the Cyberjack readers run a
> lot of code not necessary for accessing the card and the firmware can
> easily be updated from the host (if you know how to do that).  Granted,
> other vendors also have easy changeable firmware but their
> microcontrollers are smaller and writing malware for them is harder.  I
> won't trust such devices - we don't know whether the BND has an
> agreement with them not to fix exploitable bugs so to allow them
> inserting code to track PINs.

The same is true for the OpenPGP smart card or for almost any other
smart card available on the market. They could all contain a secret key
escrow mechanism and some probably do. Proprietary smart cards are hard
to audit and verify and are easy targets for backdoors and bugdoors.
Moreover, I would like to see a realistic threat model under which
compromising the host system does not render the smart card useless
(that doesn't mean smart cards aren't useful from a usability
perspective for some types of users). From a security perspective it's
yet another mitigation technique to try to work around insecure
operating systems and applications.

There are some smart cards with PIC and AVR microcontroller available on
the market that seem to be used to decode scrambled/encrypted satellite
broadcasts (starting keyword: Funcard, Goldcard). They have limited
memory but there are models that should suffice for a minimal
implementation of the OpenPGP Card specification. There are also similar
microcontrollers of the size of a USB flash drive. Both have fuses to
prevent changing the bootloader which in turn could verify firmware
uploaded to the device.

As already mentioned in this discussion, there is also Gnuk which is a
USB device without proprietary firmware and there are USB connected
computers of the size of a USB flash drive that run GNU/Linux and could
be used as a HSM (there are several software based Free Software HSM
implementations).

Moreover, you should be able to use any card supported by OpenSC
(including MuscleCard and derived Java Card applets) with gnupg-pkcs11.
As far as I know OpenSC does not support any hardware that is entirely
based on Free Software.

That being said, really think about your threat model and whether smart
cards would help you to prevent attacks in your threat model. If they
don't, save the money or give it to people in need.

- Matthias-Christian