rainer at hoerbe.at
Sun Apr 9 17:13:15 CEST 2017
> Am 09.04.2017 um 13:51 schrieb Robert J. Hansen <rjh at sixdemonbag.org>:
>> A long and random passphrase is a good measure against dictionary and
>> brute force attacks. It does not defend against malware sniffing the
>> keyboard or scraping memory pages.
> Jim Mickens' essay, "This World Of Ours", ought be required reading for
> anyone talking seriously about scraping memory pages:
> "My point is that security people need to get their priorities straight.
> The 'threat model' section of a security paper resembles the script for
> a telenovela that was written by a paranoid schizophrenic: there are
> elaborate narratives and grand conspiracy theories, and there are heroes
> and villains with fantastic (yet oddly constrained) powers that
> necessitate a grinding battle of emotional and technical attrition. In
> the real world, threat models are much simpler. Basically, you're either
> dealing with Mossad or not-Mossad. If your adversary is not-Mossad, then
> you’ll probably be fine if you pick a good password and don’t respond to
> emails from ChEaPestPAiNPi11s at virus-basket.biz.ru. If your adversary is
> the Mossad, YOU'RE GONNA DIE AND THERE’S NOTHING THAT YOU CAN DO ABOUT
> IT. The Mossad is not intimidated by the fact that you employ https://.
> If the Mossad wants your data, they’re going to use a drone to replace
> your cellphone with a piece of uranium that's shaped like a cellphone,
> and when you die of tumors filled with tumors, they’re going to hold a
> press conference and say 'It wasn't us' as they wear t-shirts that say
> 'IT WAS DEFINITELY US,' and then they’re going to buy all of your stuff
> at your estate sale so that they can directly look at the photos of your
> vacation instead of reading your insipid emails about them. In summary,
> https:// and two dollars will get you a bus ticket to nowhere.“
Good point, and I agree to that for a very basic assessment. However, the assumption that only politicians and government employees holding a security clearance are targeted by Mossad & co is a thing of the past. System admins, developers and certain NGO actors became exposed persons as well. In addition, attacks already have been automated to a high degree. Bulk penetration of end user devices is not only technically feasible, but has been legalized in the UK with the Investigatory Powers Act 2016. If you think that it is OK if the GCHQ is holding your passwords and SSH keys, think twice. APT tools have been automated, and escaped into the wild in the past.
At the end of the day we do not have good enough data for a general threat assessment. Data from maleware vendors, cloud providers and forensics are too specific and biased. So we have to do our own fuzzy risk judgement, and, yes, I lean to the cautious side.
> Once you assume that your opponent is specifically targeting you with
> malware capable of sophisticated memory forensics, you're screwed.
> Pinning your hopes on a smartcard is the worst kind of crypto-fetishism.
> You can't proudly hold it up and say "ah ha, but *now* I am safe from
> Tier-1 actors!" It doesn't work that way.
Memory scraping is just one of several attack vectors against unencrypted private keys. And of course smartcards are only one in many security measures.
> Smartcards are a great technology for a certain part of the problem
> domain, but they aren't magical crypto fairy dust.
We agree in this point.
More information about the Gnupg-users