What am I missing? (Again)

Chris DeYoung chd at chud.net
Thu Mar 31 04:31:05 CEST 2016

> Let me condense and try again:

Let me preface by saying that I am answering based on what I think 
likely, not what I *know*, so take my comments in that context (and I 
welcome corrections from anyone who does know, of course).

> 1) Is it correct that this particular device maker designed a
> sophisticated hardware-based system with the specific purpose of
> thwarting the brute-forcing of ridiculously low-entropy user's
> secret?
> Yes/no?

I don't know.

However, it seems unlikely that you'll know the system internals so well 
that you can have true confidence in a "yes" answer, even if you suspect 
it to be yes, or the device maker claims it is yes. Therefore, for any 
applications where it actually matters, you'd be well advised to assume 

> 2) Is it possible for the user to circumvent the potential problem
> of the device maker cooperating with his adversary to by-pass this
> protection, simply by using a pass-phrase of an appropriate length?
> Yes/no?

I imagine that the potential problem can be circumvented, yes, but not 
simply by using a longer passphrase. I don't know whether it even allows 
that option, but it really doesn't matter since you don't know what it 
does with that passphrase internally anyway. Since you don't know, you 
can't trust it.

However, remember that the device in question is a computer. It's not a 
phone, or a camera, or a GPS receiver, it's just a computer that happens 
to have supporting hardware to enable some of those functions. As such, 
one can write whatever software one wants for it, and that includes a 
correctly implemented encrypted data storage mechanism which does not 
require you to trust any decisions made by the manufacturer. *That* is 
how you circumvent the problem you're referring to.

The android world is more open to third party developers so it's 
probably easier there, but I expect it should be possible either way. 
Regardless, if the system relies on code you can't see, then (in 
principle) you can't trust it completely.


More information about the Gnupg-users mailing list