Robert J. Hansen
rjh at sixdemonbag.org
Sun Apr 9 13:51:09 CEST 2017
> A long and random passphrase is a good measure against dictionary and
> brute force attacks. It does not defend against malware sniffing the
> keyboard or scraping memory pages.
Jim Mickens' essay, "This World Of Ours", ought be required reading for
anyone talking seriously about scraping memory pages:
"My point is that security people need to get their priorities straight.
The 'threat model' section of a security paper resembles the script for
a telenovela that was written by a paranoid schizophrenic: there are
elaborate narratives and grand conspiracy theories, and there are heroes
and villains with fantastic (yet oddly constrained) powers that
necessitate a grinding battle of emotional and technical attrition. In
the real world, threat models are much simpler. Basically, you're either
dealing with Mossad or not-Mossad. If your adversary is not-Mossad, then
you’ll probably be fine if you pick a good password and don’t respond to
emails from ChEaPestPAiNPi11s at virus-basket.biz.ru. If your adversary is
the Mossad, YOU'RE GONNA DIE AND THERE’S NOTHING THAT YOU CAN DO ABOUT
IT. The Mossad is not intimidated by the fact that you employ https://.
If the Mossad wants your data, they’re going to use a drone to replace
your cellphone with a piece of uranium that's shaped like a cellphone,
and when you die of tumors filled with tumors, they’re going to hold a
press conference and say 'It wasn't us' as they wear t-shirts that say
'IT WAS DEFINITELY US,' and then they’re going to buy all of your stuff
at your estate sale so that they can directly look at the photos of your
vacation instead of reading your insipid emails about them. In summary,
https:// and two dollars will get you a bus ticket to nowhere."
Once you assume that your opponent is specifically targeting you with
malware capable of sophisticated memory forensics, you're screwed.
Pinning your hopes on a smartcard is the worst kind of crypto-fetishism.
You can't proudly hold it up and say "ah ha, but *now* I am safe from
Tier-1 actors!" It doesn't work that way.
Smartcards are a great technology for a certain part of the problem
domain, but they aren't magical crypto fairy dust.
Mickens' full essay, BTW:
More information about the Gnupg-users