How important are Admin PIN and Passphrase in this scenario?
Daniel Krebs
mailinglist at krebs.uno
Mon Nov 30 00:04:58 CET 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi,
I'm thinking about the following scenario:
There is a smartcard with subkeys for encryption, signing and
authentication. The secret primary key is stored encrypted (eg. a
truecrypt container) and only used on an airgapped, offline machine
when signing other peoples keys or changing the expiration date of the
subkeys. Assuming the truecrypt container uses a really strong
password (so bruteforcing is not an option), is there a need for a
strong admin PIN and a strong passphrase? I'm thinking about a threat
model for this and the attacker's options (BIOS/UEFI backdoor or
someone just 'looking over your shoulder'). In any case there seems to
be no really benefit of using extraordinary strong admin pin because
there are only three tries before the card get rendered unusable. The
passphrase is only used in the secure environment. So if the attacker
can find out the truecrypt password he probably can capture the
passphrase and/or admin PIN too. Am I missing something?
dk
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAEBCgAGBQJWW4SMAAoJEA7irlPqaBCOLcQP/izvG02yXN7F/zrnLq2QxbuJ
8+tcahDR/ixxt23T6GhZlpG8M0ztGi5HYtloYvzU3Xp+sGpULsJeif3eFfZ7qpT+
eNVmh0hSUs2tI14pvziuCUzr2c8c6svm55TPMMfIuupD7OyZc0Xwz+8xN5UrXz8X
JtSztX9f3yesYUEAnimL072eKWetyjUVayhzVF0ZKw7DGxQZGErC+yKIHc/J1eWB
SdSWO7SZpMQpXKd/u2EFkvpN+w8wm8Kbwh+CBPJqIHezqRZTEaoDh5S2H3a17UWT
BxFQllL6U9/o0twXZUOt/D+FTsknj7XjMnpbXMwwTjkymvItNbmcTHmhz6kArpzS
+Dvw6Nd5o+gC8RQdabGvOHl4OLJGJEQPZh3rON0yVuzZtqL/7fMjjZqSe0Nh+DV9
fKe00PQ/YUcUiDqyabBhJaKZeGDxfJFsqU3MOcX4qoKZaCSfRqaZnWKHuOhfunfk
n6c3MqFgXVIRY7r2hX0VZpEdQNV0+UaofnbsG7hg/+tnAIV8r/tvld68jpeh+i4d
73J5LLrQejPMsoBEdA1MjD7eycMyyolWEzxr+OfU5COFM69HNAdrkd2zBChFcVmm
pF/bBngmXAzpnfRTgwIW3glvrBuyYJxX0fehZqXcOuvFjMANvV+Zesmva+k8pPry
WM+JoPPVDf5cV80UEg43
=IIug
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list