Making the case for smart cards for the average user

MFPA 2014-667rhzu3dc-lists-groups at riseup.net
Sat Mar 14 13:53:55 CET 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512



On Friday 13 March 2015 at 8:13:38 PM, in
<mid:CAAocvpv5ChY9NKpkz0utkiyuNQay2n=DpPWcP1z7A0CoVf631A at mail.gmail.com>,
Joey Castillo wrote:


> Unlocking a card
> with a PIN is a metaphor that people already know and
> use with bank cards.

Yes, and a sizeable minority have problems with this method of using
bank cards.



> Choosing and memorizing a strong
> passphrase, by comparison, is something the average
> user is likely to have trouble with.

This trouble goes away for the "average user" who uses a password
manager.



> Moreover, we're a multi-screen environment now; people
> expect to have access to their stuff across devices.
> With a smart card they can keep their secret keys in
> one place, as opposed to creating multiple points of
> potential compromise.

It there not still potential compromise each time you use it, such as
the possibility of malware substituting the message?



> Plus by integrating NFC
> technology, we open up the potential for use on
> smartphones and tablets, which is where most people's
> computing is moving anyway.

How secure is the NFC communication? Could a situation be contrived
where the person next to you in a crowd managed to get you to sign a
message on their device instead of your own?


- --
Best regards

MFPA                    mailto:2014-667rhzu3dc-lists-groups at riseup.net

The best way to destroy your enemy is to make him your friend.
-----BEGIN PGP SIGNATURE-----

iQF8BAEBCgBmBQJVBC96XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2
QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXwv1wH/iZAIFd1grKteFhMSpZ7L3Y7
F/nHWqjD5XEHxscYnE/BfVjF72ZBe+PIyBfiFnfdZAHyEDNCukoDxZVP+SbhX5dq
ho1QymCJYds5Uo+uLCbZd3PfabcnMATzNj5uU3MZ4rvR5yBaiSr3uwt5TPQbEFCf
pEYAbixsegGThab8TQHbWru615mIEsM/Sc2xAuwjeSO9o5zaFZDTdv18EFz5vbZs
i1aQkYvI7whalvTakK18+UTGDKagBRIBHTqHrEqNQH0rpFYRRH0EzTMNj/PeS2vE
Ja5tC/9xUMG7KY/jwCO9dxn6zMi0E1Z57COmSdVnGX1hn5UnPDrW+PYOVI2iQmyI
vgQBFgoAZgUCVQQvg18UgAAAAAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu
cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx
MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45PEcAQCkvlcPhVcGBKTNX/gAKUIHR9Z6
QZigL/uAQmmvovpTGwEA7sDRSS70YfJVYGDqnyejQDtKIGYFnS+pkmaWYIj1fws=
=mCZy
-----END PGP SIGNATURE-----




More information about the Gnupg-users mailing list